Document relay gateway client CLIs (#2424)

Fixes #2363 

* Rename `relay` package to `firezone-relay` so that binaries outputted
match the `firezone-*` cli naming scheme
* Rename `firezone-headless-client` package to `firezone-linux-client`
for consistency
* Add READMEs for user-facing CLI components (there will also be docs
later)

.github/workflows/ci.yml

@@ -55,12 +55,12 @@ jobs:
             target: runtime
             context: rust
             build-args: |
-              PACKAGE=relay
+              PACKAGE=firezone-relay
           - image_name: client
             target: runtime
             context: rust
             build-args: |
-              PACKAGE=firezone-headless-client
+              PACKAGE=firezone-linux-client
           - image_name: elixir
             target: compiler
             context: elixir

.github/workflows/rust.yml

@@ -47,9 +47,9 @@ jobs:
         # TODO: https://github.com/rust-lang/cargo/issues/5220
         include:
           - runs-on: ubuntu-20.04
-            packages: -p firezone-headless-client -p firezone-gateway -p connlib-client-android
+            packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android
           - runs-on: ubuntu-22.04
-            packages: -p firezone-headless-client -p firezone-gateway -p connlib-client-android
+            packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android
           - runs-on: macos-12
             packages: -p connlib-client-apple
           - runs-on: macos-13

docker-compose.yml

@@ -113,16 +113,16 @@ services:
 
   client:
     environment:
-      FZ_URL: "ws://api:8081/"
-      FZ_SECRET: "SFMyNTY.g2gDaAN3CGlkZW50aXR5bQAAACQ3ZGE3ZDFjZC0xMTFjLTQ0YTctYjVhYy00MDI3YjlkMjMwZTVtAAAAIBn8Xu1jtFlxZxp4ZvAz0f0QEN2PZThA-7awHMPxn_tHbgYAbLRvQokBYgHhM38.pM-prhb7uvvCVKf51-tAUMEtMzLPZk1n3nLsY44dGFA"
-      RUST_LOG: firezone_headless_client=trace,connlib_client_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn
+      PORTAL_URL: "ws://api:8081/"
+      PORTAL_TOKEN: "SFMyNTY.g2gDaAN3CGlkZW50aXR5bQAAACQ3ZGE3ZDFjZC0xMTFjLTQ0YTctYjVhYy00MDI3YjlkMjMwZTVtAAAAIBn8Xu1jtFlxZxp4ZvAz0f0QEN2PZThA-7awHMPxn_tHbgYAbLRvQokBYgHhM38.pM-prhb7uvvCVKf51-tAUMEtMzLPZk1n3nLsY44dGFA"
+      RUST_LOG: firezone_linux_client=trace,connlib_client_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn
     build:
       context: rust
       dockerfile: Dockerfile
       cache_from:
         - type=registry,ref=us-east1-docker.pkg.dev/firezone-staging/firezone/cache/client:main
       args:
-        PACKAGE: firezone-headless-client
+        PACKAGE: firezone-linux-client
     image: us-east1-docker.pkg.dev/firezone-staging/firezone/client:${VERSION:-main}
     dns:
       - 100.100.111.1
@@ -148,8 +148,8 @@ services:
     healthcheck:
       test: ["CMD-SHELL", "ip link | grep tun-firezone"]
     environment:
-      FZ_URL: "ws://api:8081/"
-      FZ_SECRET: "SFMyNTY.g2gDaAJtAAAAJDNjZWYwNTY2LWFkZmQtNDhmZS1hMGYxLTU4MDY3OTYwOGY2Zm0AAABAamp0enhSRkpQWkdCYy1vQ1o5RHkyRndqd2FIWE1BVWRwenVScjJzUnJvcHg3NS16bmhfeHBfNWJUNU9uby1yYm4GAEC0b0KJAWIAAVGA.9Oirn9t8rvQpfOhW7hwGBFVzeMm9di0xYGTlwf9cFFk"
+      PORTAL_URL: "ws://api:8081/"
+      PORTAL_TOKEN: "SFMyNTY.g2gDaAJtAAAAJDNjZWYwNTY2LWFkZmQtNDhmZS1hMGYxLTU4MDY3OTYwOGY2Zm0AAABAamp0enhSRkpQWkdCYy1vQ1o5RHkyRndqd2FIWE1BVWRwenVScjJzUnJvcHg3NS16bmhfeHBfNWJUNU9uby1yYm4GAEC0b0KJAWIAAVGA.9Oirn9t8rvQpfOhW7hwGBFVzeMm9di0xYGTlwf9cFFk"
       RUST_LOG: firezone_gateway=trace,connlib_gateway_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn
       ENABLE_MASQUERADE: 1
     build:
@@ -199,7 +199,7 @@ services:
       PUBLIC_IP6_ADDR: fcff:3990:3990::101
       LOWEST_PORT: 55555
       HIGHEST_PORT: 55666
-      PORTAL_WS_URL: "ws://api:8081/"
+      PORTAL_URL: "ws://api:8081/"
       PORTAL_TOKEN: "SFMyNTY.g2gDaAJtAAAAJDcyODZiNTNkLTA3M2UtNGM0MS05ZmYxLWNjODQ1MWRhZDI5OW0AAABARVg3N0dhMEhLSlVWTGdjcE1yTjZIYXRkR25mdkFEWVFyUmpVV1d5VHFxdDdCYVVkRVUzbzktRmJCbFJkSU5JS24GAFSzb0KJAWIAAVGA.waeGE26tbgkgIcMrWyck0ysv9SHIoHr0zqoM3wao84M"
       RUST_LOG: "debug"
       RUST_BACKTRACE: 1
@@ -209,10 +209,10 @@ services:
       cache_from:
         - type=registry,ref=us-east1-docker.pkg.dev/firezone-staging/firezone/cache/relay:main
       args:
-        PACKAGE: relay
+        PACKAGE: firezone-relay
     image: us-east1-docker.pkg.dev/firezone-staging/firezone/relay:${VERSION:-main}
     healthcheck:
-      test: ["CMD-SHELL", "lsof -i UDP | grep relay"]
+      test: ["CMD-SHELL", "lsof -i UDP | grep firezone-relay"]
       start_period: 20s
       interval: 30s
       retries: 5

rust/Cargo.lock

@@ -1118,6 +1118,18 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0870c84016d4b481be5c9f323c24f65e31e901ae618f0e80f4308fb00de1d2d"
 
+[[package]]
+name = "firezone-cli-utils"
+version = "1.20231001.0"
+dependencies = [
+ "clap",
+ "ctrlc",
+ "ip_network",
+ "tracing",
+ "tracing-subscriber",
+ "url",
+]
+
 [[package]]
 name = "firezone-gateway"
 version = "1.20231001.0"
@@ -1129,10 +1141,10 @@ dependencies = [
  "chrono",
  "clap",
  "connlib-shared",
+ "firezone-cli-utils",
  "firezone-tunnel",
  "futures",
  "futures-bounded 0.1.0",
- "headless-utils",
  "phoenix-channel",
  "secrecy",
  "serde",
@@ -1146,18 +1158,60 @@ dependencies = [
 ]
 
 [[package]]
-name = "firezone-headless-client"
+name = "firezone-linux-client"
 version = "1.20231001.0"
 dependencies = [
  "anyhow",
  "clap",
  "connlib-client-shared",
- "headless-utils",
+ "firezone-cli-utils",
  "secrecy",
  "tracing",
  "tracing-subscriber",
 ]
 
+[[package]]
+name = "firezone-relay"
+version = "1.20231001.0"
+dependencies = [
+ "anyhow",
+ "axum",
+ "base64 0.21.4",
+ "bytecodec",
+ "bytes",
+ "clap",
+ "derive_more",
+ "difference",
+ "env_logger",
+ "futures",
+ "hex",
+ "hex-literal",
+ "once_cell",
+ "opentelemetry",
+ "opentelemetry-otlp",
+ "opentelemetry_api",
+ "phoenix-channel",
+ "proptest",
+ "rand",
+ "redis",
+ "secrecy",
+ "serde",
+ "sha2",
+ "socket2 0.5.4",
+ "stun_codec",
+ "test-strategy",
+ "tokio",
+ "tracing",
+ "tracing-core",
+ "tracing-opentelemetry 0.21.0",
+ "tracing-stackdriver",
+ "tracing-subscriber",
+ "trackable 1.3.0",
+ "url",
+ "uuid",
+ "webrtc",
+]
+
 [[package]]
 name = "firezone-tunnel"
 version = "1.20231001.0"
@@ -1421,18 +1475,6 @@ version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
 
-[[package]]
-name = "headless-utils"
-version = "1.20231001.0"
-dependencies = [
- "clap",
- "ctrlc",
- "ip_network",
- "tracing",
- "tracing-subscriber",
- "url",
-]
-
 [[package]]
 name = "heck"
 version = "0.4.1"
@@ -2798,48 +2840,6 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
 
-[[package]]
-name = "relay"
-version = "1.20231001.0"
-dependencies = [
- "anyhow",
- "axum",
- "base64 0.21.4",
- "bytecodec",
- "bytes",
- "clap",
- "derive_more",
- "difference",
- "env_logger",
- "futures",
- "hex",
- "hex-literal",
- "once_cell",
- "opentelemetry",
- "opentelemetry-otlp",
- "opentelemetry_api",
- "phoenix-channel",
- "proptest",
- "rand",
- "redis",
- "secrecy",
- "serde",
- "sha2",
- "socket2 0.5.4",
- "stun_codec",
- "test-strategy",
- "tokio",
- "tracing",
- "tracing-core",
- "tracing-opentelemetry 0.21.0",
- "tracing-stackdriver",
- "tracing-subscriber",
- "trackable 1.3.0",
- "url",
- "uuid",
- "webrtc",
-]
-
 [[package]]
 name = "reqwest"
 version = "0.11.22"

rust/Cargo.toml

@@ -6,8 +6,8 @@ members = [
   "connlib/shared",
   "connlib/tunnel",
   "gateway",
-  "headless-client",
-  "headless-utils",
+  "linux-client",
+  "firezone-cli-utils",
   "phoenix-channel",
   "relay",
 ]
@@ -29,8 +29,8 @@ connlib-client-android = { path = "connlib/clients/android"}
 connlib-client-apple = { path = "connlib/clients/apple"}
 connlib-client-shared = { path = "connlib/clients/shared"}
 firezone-gateway = { path = "gateway"}
-firezone-headless-client = { path = "headless-client"}
-headless-utils = { path = "headless-utils"}
+firezone-linux-client = { path = "linux-client"}
+firezone-cli-utils = { path = "firezone-cli-utils"}
 connlib-shared = { path = "connlib/shared"}
 firezone-tunnel = { path = "connlib/tunnel"}
 phoenix-channel = { path = "phoenix-channel"}

rust/firezone-cli-utils/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "headless-utils"
+name = "firezone-cli-utils"
 # mark:automatic-version
 version = "1.20231001.0"
 edition = "2021"

rust/firezone-cli-utils/src/lib.rs

@@ -21,13 +21,18 @@ where
     tracing::subscriber::set_global_default(subscriber).expect("Could not set global default");
 }
 
-/// Arguments common to all headless FZ apps.
+/// Arguments common to all Firezone CLI components.
 #[derive(Args, Clone)]
 pub struct CommonArgs {
-    /// Portal's websocket url
-    #[arg(short, long, env = "FZ_URL")]
-    pub url: Url,
-    /// Service token
-    #[arg(short, long, env = "FZ_SECRET")]
-    pub secret: String,
+    /// Firezone admin portal websocket URL
+    #[arg(
+        short,
+        long,
+        env = "PORTAL_URL",
+        default_value = "wss://api.firezone.dev"
+    )]
+    pub portal_url: Url,
+    /// Token generated by the portal to authorize websocket connection.
+    #[arg(short, long, env = "PORTAL_TOKEN")]
+    pub portal_token: String,
 }

rust/gateway/Cargo.toml

@@ -17,7 +17,7 @@ connlib-shared = { workspace = true }
 firezone-tunnel = { workspace = true }
 futures = "0.3.28"
 futures-bounded = "0.1.0"
-headless-utils = { workspace = true }
+firezone-cli-utils = { workspace = true }
 phoenix-channel = { workspace = true }
 secrecy = { workspace = true }
 serde = { version = "1.0", default-features = false, features = ["std", "derive"] }

rust/gateway/README.md

@@ -0,0 +1,32 @@
+# gateway
+
+This crate houses the Firezone gateway.
+
+## Building
+
+You can build the gateway using: `cargo build --release --bin firezone-gateway`
+
+You should then find a binary in `target/release/firezone-gateway`.
+
+## Running
+
+To run the gateway:
+
+```
+firezone-gateway --portal_token <portal_token>
+```
+
+where `portal_token` is the token shown when creating a gateway group in the
+Firezone admin portal.
+
+If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN`
+capability to open `/dev/net/tun`. You can add this to the gateway binary with:
+
+```
+sudo setcap 'cap_net_admin+eip' /path/to/firezone-gateway
+```
+
+### Ports
+
+The gateway requires no open ports. Connections automatically traverse NAT with
+STUN/TURN via the [relay](../relay).

rust/gateway/src/main.rs

@@ -4,9 +4,9 @@ use anyhow::{Context, Result};
 use backoff::ExponentialBackoffBuilder;
 use clap::Parser;
 use connlib_shared::{get_device_id, get_user_agent, login_url, Callbacks, Mode};
+use firezone_cli_utils::{setup_global_subscriber, CommonArgs};
 use firezone_tunnel::{GatewayState, Tunnel};
 use futures::{future, TryFutureExt};
-use headless_utils::{setup_global_subscriber, CommonArgs};
 use phoenix_channel::SecureUrl;
 use secrecy::{Secret, SecretString};
 use std::convert::Infallible;
@@ -24,8 +24,8 @@ async fn main() -> Result<()> {
 
     let (connect_url, private_key) = login_url(
         Mode::Gateway,
-        cli.common.url,
-        SecretString::new(cli.common.secret),
+        cli.common.portal_url,
+        SecretString::new(cli.common.portal_token),
         get_device_id(),
     )?;
     let tunnel = Arc::new(Tunnel::new(private_key, CallbackHandler).await?);

rust/linux-client/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "firezone-headless-client"
+name = "firezone-linux-client"
 # mark:automatic-version
 version = "1.20231001.0"
 edition = "2021"
@@ -9,7 +9,7 @@ edition = "2021"
 [dependencies]
 secrecy = { workspace = true }
 connlib-client-shared = { workspace = true }
-headless-utils = { workspace = true }
+firezone-cli-utils = { workspace = true }
 anyhow = { version = "1.0" }
 tracing = { workspace = true }
 clap = { version = "4.4", features = ["derive",  "env"] }

rust/linux-client/README.md

@@ -0,0 +1,28 @@
+# linux-client
+
+This crate houses the Firezone linux client.
+
+## Building
+
+You can build the linux client using:
+`cargo build --release --bin firezone-linux-client`
+
+You should then find a binary in `target/release/firezone-linux-client`.
+
+## Running
+
+To run the linux client:
+
+```
+firezone-linux-client --portal_token <portal_token>
+```
+
+where `portal_token` is the token shown when creating a client group in the
+Firezone admin portal.
+
+If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN`
+capability to open `/dev/net/tun`. You can add this to the client binary with:
+
+```
+sudo setcap 'cap_net_admin+eip' /path/to/firezone-linux-client
+```

rust/linux-client/src/main.rs

@@ -1,7 +1,7 @@
 use anyhow::Result;
 use clap::Parser;
 use connlib_client_shared::{file_logger, get_device_id, Callbacks, Error, Session};
-use headless_utils::{block_on_ctrl_c, setup_global_subscriber, CommonArgs};
+use firezone_cli_utils::{block_on_ctrl_c, setup_global_subscriber, CommonArgs};
 use secrecy::SecretString;
 use std::path::PathBuf;
 
@@ -14,8 +14,8 @@ fn main() -> Result<()> {
     let device_id = get_device_id();
 
     let mut session = Session::connect(
-        cli.common.url,
-        SecretString::from(cli.common.secret),
+        cli.common.portal_url,
+        SecretString::from(cli.common.portal_token),
         device_id,
         CallbackHandler { handle },
     )

rust/relay/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "relay"
+name = "firezone-relay"
 # mark:automatic-version
 version = "1.20231001.0"
 edition = "2021"

rust/relay/README.md

@@ -16,28 +16,48 @@ Relaying of data through other means such as DATA frames is not supported.
 
 ## Building
 
-You can build the server using: `cargo build --release --bin relay`
+You can build the relay using: `cargo build --release --bin firezone-relay`
+
+You should then find a binary in `target/release/firezone-relay`.
 
 ## Running
 
-For an up-to-date documentation on the available configurations options and a detailed help text, run `cargo run --bin relay -- --help`.
-All command-line options can be overridden using environment variables.
-Those variables are listed in the `--help` output at the bottom of each command.
+To run the relay:
 
-The relay listens on port `3478`.
-This is the standard port for STUN/TURN and not configurable.
-Additionally, the relay needs to have access to the port range `49152` - `65535` for the allocations.
+```
+firezone-relay --portal_token <portal_token>
+```
 
-## Portal connection
+where `portal_token` is the token shown when creating a Relay in the Firezone
+admin portal.
 
-When given a portal endpoint, the relay will connect to it and wait for an `init` message before commencing relay operations.
+For an up-to-date documentation on the available configurations options and a
+detailed help text, run `cargo run --bin relay -- --help`. All command-line
+options can be overridden using environment variables. Those variables are
+listed in the `--help` output at the bottom of each command.
+
+### Ports
+
+The relay listens on port `3478`. This is the standard port for STUN/TURN and
+not configurable. Additionally, the relay needs to have access to the port range
+`49152` - `65535` for the allocations.
+
+### Portal Connection
+
+When given a `portal_token`, the relay will connect to the Firezone portal
+(default `wss://api.firezone.dev`) and wait for an `init` message before
+commencing relay operations.
 
 ## Design
 
-The relay is designed in a sans-IO fashion, meaning the core components do not cause side effects but operate as pure, synchronous state machines.
-They take in data and emit commands: wake me at this point in time, send these bytes to this peer, etc.
+The relay is designed in a sans-IO fashion, meaning the core components do not
+cause side effects but operate as pure, synchronous state machines. They take in
+data and emit commands: wake me at this point in time, send these bytes to this
+peer, etc.
 
-This allows us to very easily unit-test all kinds of scenarios because all inputs are simple values.
+This allows us to very easily unit-test all kinds of scenarios because all
+inputs are simple values.
 
-The main server runs in a single task and spawns one additional task for each allocation.
-Incoming data that needs to be relayed is forwarded to the main task where it gets authenticated and relayed on success.
+The main server runs in a single task and spawns one additional task for each
+allocation. Incoming data that needs to be relayed is forwarded to the main task
+where it gets authenticated and relayed on success.

rust/relay/run_smoke_test.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-cargo build --package relay --bin relay --example client --example gateway
+cargo build --package firezone-relay --bin firezone-relay --example client --example gateway
 
 cleanup() {
   pkill -P $$ || true # Kill all child-processes of the current process.
@@ -19,11 +19,11 @@ NC=$(echo -e '\033[0m')
 target_directory=$(cargo metadata --format-version 1 | jq -r '.target_directory')
 client="$target_directory/debug/examples/client"
 gateway="$target_directory/debug/examples/gateway"
-relay="$target_directory/debug/relay"
+relay="$target_directory/debug/firezone-relay"
 
 export PUBLIC_IP4_ADDR=127.0.0.1;
 export RNG_SEED=0;
-export RUST_LOG=relay=debug;
+export RUST_LOG=firezone_relay=debug;
 
 # Client and relay run in the background.
 $client 2>&1 | sed "s/^/${RED}[ client]${NC} /" &

rust/relay/src/main.rs

@@ -1,5 +1,9 @@
 use anyhow::{anyhow, bail, Context, Result};
 use clap::Parser;
+use firezone_relay::{
+    AddressFamily, Allocation, AllocationId, Command, IpStack, Server, Sleep, SocketAddrExt,
+    UdpSocket,
+};
 use futures::channel::mpsc;
 use futures::{future, FutureExt, SinkExt, StreamExt};
 use opentelemetry::{sdk, KeyValue};
@@ -7,10 +11,6 @@ use opentelemetry_otlp::WithExportConfig;
 use phoenix_channel::{Error, Event, PhoenixChannel, SecureUrl};
 use rand::rngs::StdRng;
 use rand::{Rng, SeedableRng};
-use relay::{
-    AddressFamily, Allocation, AllocationId, Command, IpStack, Server, Sleep, SocketAddrExt,
-    UdpSocket,
-};
 use secrecy::{Secret, SecretString};
 use std::collections::hash_map::Entry;
 use std::collections::HashMap;
@@ -45,9 +45,9 @@ struct Args {
     /// The highest port used for TURN allocations.
     #[arg(long, env, default_value = "65535")]
     highest_port: u16,
-    /// The websocket URL of the portal server to connect to.
+    /// Firezone admin portal websocket URL
     #[arg(long, env, default_value = "wss://api.firezone.dev")]
-    portal_ws_url: Url,
+    portal_url: Url,
     /// Token generated by the portal to authorize websocket connection.
     ///
     /// If omitted, we won't connect to the portal on startup.
@@ -107,7 +107,7 @@ async fn main() -> Result<()> {
     );
 
     let channel = if let Some(token) = args.portal_token.as_ref() {
-        let base_url = args.portal_ws_url.clone();
+        let base_url = args.portal_url.clone();
         let stamp_secret = server.auth_secret();
 
         let span = tracing::error_span!("connect_to_portal", config_url = %base_url);
@@ -123,7 +123,7 @@ async fn main() -> Result<()> {
 
     let mut eventloop = Eventloop::new(server, channel, public_addr)?;
 
-    tokio::spawn(relay::health_check::serve(args.health_check_addr));
+    tokio::spawn(firezone_relay::health_check::serve(args.health_check_addr));
 
     tracing::info!("Listening for incoming traffic on UDP port 3478");
 

rust/relay/tests/regression.rs

@@ -1,9 +1,9 @@
 use bytecodec::{DecodeExt, EncodeExt};
-use rand::rngs::mock::StepRng;
-use relay::{
+use firezone_relay::{
     AddressFamily, Allocate, AllocationId, Attribute, Binding, ChannelBind, ChannelData,
     ClientMessage, Command, IpStack, Refresh, Server,
 };
+use rand::rngs::mock::StepRng;
 use secrecy::SecretString;
 use std::collections::HashMap;
 use std::iter;
@@ -21,7 +21,7 @@ use Output::{CreateAllocation, FreeAllocation, Wake};
 
 #[proptest]
 fn can_answer_stun_request_from_ip4_address(
-    #[strategy(relay::proptest::binding())] request: Binding,
+    #[strategy(firezone_relay::proptest::binding())] request: Binding,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
 ) {
@@ -41,13 +41,13 @@ fn can_answer_stun_request_from_ip4_address(
 
 #[proptest]
 fn deallocate_once_time_expired(
-    #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server = TestServer::new(public_relay_addr).with_nonce(nonce);
     let secret = server.auth_secret();
@@ -82,12 +82,12 @@ fn deallocate_once_time_expired(
 
 #[proptest]
 fn unauthenticated_allocate_triggers_authentication(
-    #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
 ) {
     // Nonces are generated randomly and we control the randomness in the test, thus this is deterministic.
     let first_nonce = Uuid::from_u128(0x0);
@@ -132,15 +132,15 @@ fn unauthenticated_allocate_triggers_authentication(
 
 #[proptest]
 fn when_refreshed_in_time_allocation_does_not_expire(
-    #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
-    #[strategy(relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
-    #[strategy(relay::proptest::allocation_lifetime())] refresh_lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] refresh_lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server = TestServer::new(public_relay_addr).with_nonce(nonce);
     let secret = server.auth_secret().to_owned();
@@ -209,14 +209,14 @@ fn when_refreshed_in_time_allocation_does_not_expire(
 }
 #[proptest]
 fn when_receiving_lifetime_0_for_existing_allocation_then_delete(
-    #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
-    #[strategy(relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server = TestServer::new(public_relay_addr).with_nonce(nonce);
     let secret = server.auth_secret().to_owned();
@@ -288,18 +288,19 @@ fn when_receiving_lifetime_0_for_existing_allocation_then_delete(
 
 #[proptest]
 fn ping_pong_relay(
-    #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
-    #[strategy(relay::proptest::transaction_id())] channel_bind_transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
-    #[strategy(relay::proptest::channel_number())] channel: ChannelNumber,
+    #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::transaction_id())]
+    channel_bind_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::channel_number())] channel: ChannelNumber,
     source: SocketAddrV4,
     peer: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
     peer_to_client_ping: [u8; 32],
     client_to_peer_ping: [u8; 32],
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let _ = env_logger::try_init();
 
@@ -377,14 +378,14 @@ fn ping_pong_relay(
 
 #[proptest]
 fn can_make_ipv6_allocation(
-    #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_ip4_addr: Ipv4Addr,
     public_relay_ip6_addr: Ipv6Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server =
         TestServer::new((public_relay_ip4_addr, public_relay_ip6_addr)).with_nonce(nonce);

terraform/environments/staging/main.tf

@@ -691,7 +691,7 @@ module "relays" {
   image      = "relay"
   image_tag  = var.relay_image_tag
 
-  observability_log_level = "debug,relay=trace,hyper=off,h2=warn,tower=warn,wire=trace"
+  observability_log_level = "debug,firezone_relay=trace,hyper=off,h2=warn,tower=warn,wire=trace"
 
   application_name    = "relay"
   application_version = replace(var.relay_image_tag, ".", "-")

terraform/modules/relay-app/main.tf

@@ -43,7 +43,7 @@ locals {
       value = var.portal_token
     },
     {
-      name  = "PORTAL_WS_URL"
+      name  = "PORTAL_URL"
       value = var.portal_websocket_url
     }
   ], var.application_environment_variables)