diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bd6f1fa66..b7204a7e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,12 +55,12 @@ jobs: target: runtime context: rust build-args: | - PACKAGE=relay + PACKAGE=firezone-relay - image_name: client target: runtime context: rust build-args: | - PACKAGE=firezone-headless-client + PACKAGE=firezone-linux-client - image_name: elixir target: compiler context: elixir diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 34a5cb2fe..93261d099 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -47,9 +47,9 @@ jobs: # TODO: https://github.com/rust-lang/cargo/issues/5220 include: - runs-on: ubuntu-20.04 - packages: -p firezone-headless-client -p firezone-gateway -p connlib-client-android + packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android - runs-on: ubuntu-22.04 - packages: -p firezone-headless-client -p firezone-gateway -p connlib-client-android + packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android - runs-on: macos-12 packages: -p connlib-client-apple - runs-on: macos-13 diff --git a/docker-compose.yml b/docker-compose.yml index b1b18d78c..6734ffb05 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -113,16 +113,16 @@ services: client: environment: - FZ_URL: "ws://api:8081/" - FZ_SECRET: "SFMyNTY.g2gDaAN3CGlkZW50aXR5bQAAACQ3ZGE3ZDFjZC0xMTFjLTQ0YTctYjVhYy00MDI3YjlkMjMwZTVtAAAAIBn8Xu1jtFlxZxp4ZvAz0f0QEN2PZThA-7awHMPxn_tHbgYAbLRvQokBYgHhM38.pM-prhb7uvvCVKf51-tAUMEtMzLPZk1n3nLsY44dGFA" - RUST_LOG: firezone_headless_client=trace,connlib_client_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn + PORTAL_URL: "ws://api:8081/" + PORTAL_TOKEN: "SFMyNTY.g2gDaAN3CGlkZW50aXR5bQAAACQ3ZGE3ZDFjZC0xMTFjLTQ0YTctYjVhYy00MDI3YjlkMjMwZTVtAAAAIBn8Xu1jtFlxZxp4ZvAz0f0QEN2PZThA-7awHMPxn_tHbgYAbLRvQokBYgHhM38.pM-prhb7uvvCVKf51-tAUMEtMzLPZk1n3nLsY44dGFA" + RUST_LOG: firezone_linux_client=trace,connlib_client_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn build: context: rust dockerfile: Dockerfile cache_from: - type=registry,ref=us-east1-docker.pkg.dev/firezone-staging/firezone/cache/client:main args: - PACKAGE: firezone-headless-client + PACKAGE: firezone-linux-client image: us-east1-docker.pkg.dev/firezone-staging/firezone/client:${VERSION:-main} dns: - 100.100.111.1 @@ -148,8 +148,8 @@ services: healthcheck: test: ["CMD-SHELL", "ip link | grep tun-firezone"] environment: - FZ_URL: "ws://api:8081/" - FZ_SECRET: "SFMyNTY.g2gDaAJtAAAAJDNjZWYwNTY2LWFkZmQtNDhmZS1hMGYxLTU4MDY3OTYwOGY2Zm0AAABAamp0enhSRkpQWkdCYy1vQ1o5RHkyRndqd2FIWE1BVWRwenVScjJzUnJvcHg3NS16bmhfeHBfNWJUNU9uby1yYm4GAEC0b0KJAWIAAVGA.9Oirn9t8rvQpfOhW7hwGBFVzeMm9di0xYGTlwf9cFFk" + PORTAL_URL: "ws://api:8081/" + PORTAL_TOKEN: "SFMyNTY.g2gDaAJtAAAAJDNjZWYwNTY2LWFkZmQtNDhmZS1hMGYxLTU4MDY3OTYwOGY2Zm0AAABAamp0enhSRkpQWkdCYy1vQ1o5RHkyRndqd2FIWE1BVWRwenVScjJzUnJvcHg3NS16bmhfeHBfNWJUNU9uby1yYm4GAEC0b0KJAWIAAVGA.9Oirn9t8rvQpfOhW7hwGBFVzeMm9di0xYGTlwf9cFFk" RUST_LOG: firezone_gateway=trace,connlib_gateway_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn ENABLE_MASQUERADE: 1 build: 
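Review bot: In docker-compose.yml, the `PORTAL_TOKEN` values for the client and gateway services are complete token strings committed inline, with nothing on the new lines saying what scope they have. If these are fixed development tokens that only the local `api` service in this stack accepts, state that next to them, for example `# Development-only token for the local compose stack; never reuse in a deployed environment.` That lets readers and secret-scanning tools tell them apart from leaked credentials. Both `environment:` blocks continue outside the hunks.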
@@ -199,7 +199,7 @@ services: PUBLIC_IP6_ADDR: fcff:3990:3990::101 LOWEST_PORT: 55555 HIGHEST_PORT: 55666 - PORTAL_WS_URL: "ws://api:8081/" + PORTAL_URL: "ws://api:8081/" PORTAL_TOKEN: "SFMyNTY.g2gDaAJtAAAAJDcyODZiNTNkLTA3M2UtNGM0MS05ZmYxLWNjODQ1MWRhZDI5OW0AAABARVg3N0dhMEhLSlVWTGdjcE1yTjZIYXRkR25mdkFEWVFyUmpVV1d5VHFxdDdCYVVkRVUzbzktRmJCbFJkSU5JS24GAFSzb0KJAWIAAVGA.waeGE26tbgkgIcMrWyck0ysv9SHIoHr0zqoM3wao84M" RUST_LOG: "debug" RUST_BACKTRACE: 1 @@ -209,10 +209,10 @@ services: cache_from: - type=registry,ref=us-east1-docker.pkg.dev/firezone-staging/firezone/cache/relay:main args: - PACKAGE: relay + PACKAGE: firezone-relay image: us-east1-docker.pkg.dev/firezone-staging/firezone/relay:${VERSION:-main} healthcheck: - test: ["CMD-SHELL", "lsof -i UDP | grep relay"] + test: ["CMD-SHELL", "lsof -i UDP | grep firezone-relay"] start_period: 20s interval: 30s retries: 5 diff --git a/rust/Cargo.lock b/rust/Cargo.lock index 9bc79ea1d..47c901507 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -1118,6 +1118,18 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0870c84016d4b481be5c9f323c24f65e31e901ae618f0e80f4308fb00de1d2d" +[[package]] +name = "firezone-cli-utils" +version = "1.20231001.0" +dependencies = [ + "clap", + "ctrlc", + "ip_network", + "tracing", + "tracing-subscriber", + "url", +] + [[package]] name = "firezone-gateway" version = "1.20231001.0" @@ -1129,10 +1141,10 @@ dependencies = [ "chrono", "clap", "connlib-shared", + "firezone-cli-utils", "firezone-tunnel", "futures", "futures-bounded 0.1.0", - "headless-utils", "phoenix-channel", "secrecy", "serde", 
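Review bot: In docker-compose.yml, the renamed relay healthcheck `lsof -i UDP | grep firezone-relay` may never match. Standard lsof prints only the first nine characters of the command name by default, so a process called `firezone-relay` would be listed as `firezone-` and the container would stay unhealthy. The old pattern `relay` fit inside that width, so the problem would only appear with this rename. If the image ships that lsof, widen the column with `lsof +c 0 -i UDP | grep firezone-relay`, and run the healthcheck once inside the built image to confirm. The relay service definition continues outside the hunk.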
@@ -1146,18 +1158,60 @@ dependencies = [ ] [[package]] -name = "firezone-headless-client" +name = "firezone-linux-client" version = "1.20231001.0" dependencies = [ "anyhow", "clap", "connlib-client-shared", - "headless-utils", + "firezone-cli-utils", "secrecy", "tracing", "tracing-subscriber", ] +[[package]] +name = "firezone-relay" +version = "1.20231001.0" +dependencies = [ + "anyhow", + "axum", + "base64 0.21.4", + "bytecodec", + "bytes", + "clap", + "derive_more", + "difference", + "env_logger", + "futures", + "hex", + "hex-literal", + "once_cell", + "opentelemetry", + "opentelemetry-otlp", + "opentelemetry_api", + "phoenix-channel", + "proptest", + "rand", + "redis", + "secrecy", + "serde", + "sha2", + "socket2 0.5.4", + "stun_codec", + "test-strategy", + "tokio", + "tracing", + "tracing-core", + "tracing-opentelemetry 0.21.0", + "tracing-stackdriver", + "tracing-subscriber", + "trackable 1.3.0", + "url", + "uuid", + "webrtc", +] + [[package]] name = "firezone-tunnel" version = "1.20231001.0" @@ -1421,18 +1475,6 @@ version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" -[[package]] -name = "headless-utils" -version = "1.20231001.0" -dependencies = [ - "clap", - "ctrlc", - "ip_network", - "tracing", - "tracing-subscriber", - "url", -] - [[package]] name = "heck" version = "0.4.1" 
@@ -2798,48 +2840,6 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" -[[package]] -name = "relay" -version = "1.20231001.0" -dependencies = [ - "anyhow", - "axum", - "base64 0.21.4", - "bytecodec", - "bytes", - "clap", - "derive_more", - "difference", - "env_logger", - "futures", - "hex", - "hex-literal", - "once_cell", - "opentelemetry", - "opentelemetry-otlp", - "opentelemetry_api", - "phoenix-channel", - "proptest", - "rand", - "redis", - "secrecy", - "serde", - "sha2", - "socket2 0.5.4", - "stun_codec", - "test-strategy", - "tokio", - "tracing", - "tracing-core", - "tracing-opentelemetry 0.21.0", - "tracing-stackdriver", - "tracing-subscriber", - "trackable 1.3.0", - "url", - "uuid", - "webrtc", -] - [[package]] name = "reqwest" version = "0.11.22" diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 632cdd868..75eef3060 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -6,8 +6,8 @@ members = [ "connlib/shared", "connlib/tunnel", "gateway", - "headless-client", - "headless-utils", + "linux-client", + "firezone-cli-utils", "phoenix-channel", "relay", ] @@ -29,8 +29,8 @@ connlib-client-android = { path = "connlib/clients/android"} connlib-client-apple = { path = "connlib/clients/apple"} connlib-client-shared = { path = "connlib/clients/shared"} firezone-gateway = { path = "gateway"} -firezone-headless-client = { path = "headless-client"} -headless-utils = { path = "headless-utils"} +firezone-linux-client = { path = "linux-client"} +firezone-cli-utils = { path = "firezone-cli-utils"} connlib-shared = { path = "connlib/shared"} firezone-tunnel = { path = "connlib/tunnel"} phoenix-channel = { path = "phoenix-channel"} diff --git a/rust/headless-utils/Cargo.toml b/rust/firezone-cli-utils/Cargo.toml similarity index 93% rename from rust/headless-utils/Cargo.toml rename to rust/firezone-cli-utils/Cargo.toml index 8ef609f9e..12fb30a40 100644 
--- a/rust/headless-utils/Cargo.toml +++ b/rust/firezone-cli-utils/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "headless-utils" +name = "firezone-cli-utils" # mark:automatic-version version = "1.20231001.0" edition = "2021" diff --git a/rust/headless-utils/src/lib.rs b/rust/firezone-cli-utils/src/lib.rs similarity index 68% rename from rust/headless-utils/src/lib.rs rename to rust/firezone-cli-utils/src/lib.rs index f48f6e6d1..1b140100c 100644 --- a/rust/headless-utils/src/lib.rs +++ b/rust/firezone-cli-utils/src/lib.rs @@ -21,13 +21,18 @@ where tracing::subscriber::set_global_default(subscriber).expect("Could not set global default"); } -/// Arguments common to all headless FZ apps. +/// Arguments common to all Firezone CLI components. #[derive(Args, Clone)] pub struct CommonArgs { - /// Portal's websocket url - #[arg(short, long, env = "FZ_URL")] - pub url: Url, - /// Service token - #[arg(short, long, env = "FZ_SECRET")] - pub secret: String, + /// Firezone admin portal websocket URL + #[arg( + short, + long, + env = "PORTAL_URL", + default_value = "wss://api.firezone.dev" + )] + pub portal_url: Url, + /// Token generated by the portal to authorize websocket connection. + #[arg(short, long, env = "PORTAL_TOKEN")] + pub portal_token: String, } diff --git a/rust/gateway/Cargo.toml b/rust/gateway/Cargo.toml index 836be2ab7..dd1be97bb 100644 --- a/rust/gateway/Cargo.toml +++ b/rust/gateway/Cargo.toml @@ -17,7 +17,7 @@ connlib-shared = { workspace = true } firezone-tunnel = { workspace = true } futures = "0.3.28" futures-bounded = "0.1.0" -headless-utils = { workspace = true } +firezone-cli-utils = { workspace = true } phoenix-channel = { workspace = true } secrecy = { workspace = true } serde = { version = "1.0", default-features = false, features = ["std", "derive"] } diff --git a/rust/gateway/README.md b/rust/gateway/README.md new file mode 100644 index 000000000..7604501e8 --- /dev/null +++ b/rust/gateway/README.md 
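Review bot: In rust/firezone-cli-utils/src/lib.rs, `portal_url` and `portal_token` both carry a bare `short`, and clap derives the short flag from the first letter of the field name, so both now claim `-p` (the old `url` and `secret` fields gave `-u` and `-s`). Clap checks short-name uniqueness with a debug assertion, so debug builds of the gateway and linux client would be expected to panic while building the command, and release builds skip that check, leaving it unclear which argument `-p` sets. Give each an explicit letter, e.g. `#[arg(short = 'u', long, env = "PORTAL_URL", default_value = "wss://api.firezone.dev")]` and `#[arg(short = 't', long, env = "PORTAL_TOKEN")]`, or drop `short` from one of them. The derived long flag is `--portal-token`, not the `--portal_token` spelling used in the READMEs this commit adds. The token's doc comment could also add `Prefer the PORTAL_TOKEN environment variable; a value passed on the command line is visible in the process list.`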
@@ -0,0 +1,32 @@ +# gateway + +This crate houses the Firezone gateway. + +## Building + +You can build the gateway using: `cargo build --release --bin firezone-gateway` + +You should then find a binary in `target/release/firezone-gateway`. + +## Running + +To run the gateway: + +``` +firezone-gateway --portal_token +``` + +where `portal_token` is the token shown when creating a gateway group in the +Firezone admin portal. + +If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN` +capability to open `/dev/net/tun`. You can add this to the gateway binary with: + +``` +sudo setcap 'cap_net_admin+eip' /path/to/firezone-gateway +``` + +### Ports + +The gateway requires no open ports. Connections automatically traverse NAT with +STUN/TURN via the [relay](../relay). diff --git a/rust/gateway/src/main.rs b/rust/gateway/src/main.rs index 2e70fe858..cb348428e 100644 --- a/rust/gateway/src/main.rs +++ b/rust/gateway/src/main.rs @@ -4,9 +4,9 @@ use anyhow::{Context, Result}; use backoff::ExponentialBackoffBuilder; use clap::Parser; use connlib_shared::{get_device_id, get_user_agent, login_url, Callbacks, Mode}; +use firezone_cli_utils::{setup_global_subscriber, CommonArgs}; use firezone_tunnel::{GatewayState, Tunnel}; use futures::{future, TryFutureExt}; -use headless_utils::{setup_global_subscriber, CommonArgs}; use phoenix_channel::SecureUrl; use secrecy::{Secret, SecretString}; use std::convert::Infallible; @@ -24,8 +24,8 @@ async fn main() -> Result<()> { let (connect_url, private_key) = login_url( Mode::Gateway, - cli.common.url, - SecretString::new(cli.common.secret), + cli.common.portal_url, + SecretString::new(cli.common.portal_token), get_device_id(), )?; let tunnel = Arc::new(Tunnel::new(private_key, CallbackHandler).await?); diff --git a/rust/headless-client/Cargo.toml b/rust/linux-client/Cargo.toml similarity index 86% rename from rust/headless-client/Cargo.toml rename to rust/linux-client/Cargo.toml index d9c7b5e61..edf747fdd 100644 
--- a/rust/headless-client/Cargo.toml +++ b/rust/linux-client/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "firezone-headless-client" +name = "firezone-linux-client" # mark:automatic-version version = "1.20231001.0" edition = "2021" @@ -9,7 +9,7 @@ edition = "2021" [dependencies] secrecy = { workspace = true } connlib-client-shared = { workspace = true } -headless-utils = { workspace = true } +firezone-cli-utils = { workspace = true } anyhow = { version = "1.0" } tracing = { workspace = true } clap = { version = "4.4", features = ["derive", "env"] } diff --git a/rust/linux-client/README.md b/rust/linux-client/README.md new file mode 100644 index 000000000..5bf474f22 --- /dev/null +++ b/rust/linux-client/README.md @@ -0,0 +1,28 @@ +# linux-client + +This crate houses the Firezone linux client. + +## Building + +You can build the linux client using: +`cargo build --release --bin firezone-linux-client` + +You should then find a binary in `target/release/firezone-linux-client`. + +## Running + +To run the linux client: + +``` +firezone-linux-client --portal_token +``` + +where `portal_token` is the token shown when creating a client group in the +Firezone admin portal. + +If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN` +capability to open `/dev/net/tun`. You can add this to the client binary with: + +``` +sudo setcap 'cap_net_admin+eip' /path/to/firezone-linux-client +``` diff --git a/rust/headless-client/src/main.rs b/rust/linux-client/src/main.rs similarity index 89% rename from rust/headless-client/src/main.rs rename to rust/linux-client/src/main.rs index 5db84bb38..645cdb4cd 100644 --- a/rust/headless-client/src/main.rs +++ b/rust/linux-client/src/main.rs 
@@ -1,7 +1,7 @@ use anyhow::Result; use clap::Parser; use connlib_client_shared::{file_logger, get_device_id, Callbacks, Error, Session}; -use headless_utils::{block_on_ctrl_c, setup_global_subscriber, CommonArgs}; +use firezone_cli_utils::{block_on_ctrl_c, setup_global_subscriber, CommonArgs}; use secrecy::SecretString; use std::path::PathBuf; @@ -14,8 +14,8 @@ fn main() -> Result<()> { let device_id = get_device_id(); let mut session = Session::connect( - cli.common.url, - SecretString::from(cli.common.secret), + cli.common.portal_url, + SecretString::from(cli.common.portal_token), device_id, CallbackHandler { handle }, ) diff --git a/rust/relay/Cargo.toml b/rust/relay/Cargo.toml index 4080df83f..164e12566 100644 --- a/rust/relay/Cargo.toml +++ b/rust/relay/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "relay" +name = "firezone-relay" # mark:automatic-version version = "1.20231001.0" edition = "2021" diff --git a/rust/relay/README.md b/rust/relay/README.md index 14ac91a7c..3430f53e4 100644 --- a/rust/relay/README.md +++ b/rust/relay/README.md 
@@ -16,28 +16,48 @@ Relaying of data through other means such as DATA frames is not supported. ## Building -You can build the server using: `cargo build --release --bin relay` +You can build the relay using: `cargo build --release --bin firezone-relay` + +You should then find a binary in `target/release/firezone-relay`. ## Running -For an up-to-date documentation on the available configurations options and a detailed help text, run `cargo run --bin relay -- --help`. -All command-line options can be overridden using environment variables. -Those variables are listed in the `--help` output at the bottom of each command. +To run the relay: -The relay listens on port `3478`. -This is the standard port for STUN/TURN and not configurable. -Additionally, the relay needs to have access to the port range `49152` - `65535` for the allocations. +``` +firezone-relay --portal_token +``` -## Portal connection +where `portal_token` is the token shown when creating a Relay in the Firezone +admin portal. -When given a portal endpoint, the relay will connect to it and wait for an `init` message before commencing relay operations. +For an up-to-date documentation on the available configurations options and a +detailed help text, run `cargo run --bin relay -- --help`. All command-line +options can be overridden using environment variables. Those variables are +listed in the `--help` output at the bottom of each command. + +### Ports + +The relay listens on port `3478`. This is the standard port for STUN/TURN and +not configurable. Additionally, the relay needs to have access to the port range +`49152` - `65535` for the allocations. + +### Portal Connection + +When given a `portal_token`, the relay will connect to the Firezone portal +(default `wss://api.firezone.dev`) and wait for an `init` message before +commencing relay operations. 
## Design -The relay is designed in a sans-IO fashion, meaning the core components do not cause side effects but operate as pure, synchronous state machines. -They take in data and emit commands: wake me at this point in time, send these bytes to this peer, etc. +The relay is designed in a sans-IO fashion, meaning the core components do not +cause side effects but operate as pure, synchronous state machines. They take in +data and emit commands: wake me at this point in time, send these bytes to this +peer, etc. -This allows us to very easily unit-test all kinds of scenarios because all inputs are simple values. +This allows us to very easily unit-test all kinds of scenarios because all +inputs are simple values. -The main server runs in a single task and spawns one additional task for each allocation. -Incoming data that needs to be relayed is forwarded to the main task where it gets authenticated and relayed on success. +The main server runs in a single task and spawns one additional task for each +allocation. Incoming data that needs to be relayed is forwarded to the main task +where it gets authenticated and relayed on success. diff --git a/rust/relay/run_smoke_test.sh b/rust/relay/run_smoke_test.sh index 05c777639..c671f8389 100755 --- a/rust/relay/run_smoke_test.sh +++ b/rust/relay/run_smoke_test.sh @@ -1,7 +1,7 @@ #!/bin/bash set -e -cargo build --package relay --bin relay --example client --example gateway +cargo build --package firezone-relay --bin firezone-relay --example client --example gateway cleanup() { pkill -P $$ || true # Kill all child-processes of the current process. 
@@ -19,11 +19,11 @@ NC=$(echo -e '\033[0m') target_directory=$(cargo metadata --format-version 1 | jq -r '.target_directory') client="$target_directory/debug/examples/client" gateway="$target_directory/debug/examples/gateway" -relay="$target_directory/debug/relay" +relay="$target_directory/debug/firezone-relay" export PUBLIC_IP4_ADDR=127.0.0.1; export RNG_SEED=0; -export RUST_LOG=relay=debug; +export RUST_LOG=firezone_relay=debug; # Client and relay run in the background. $client 2>&1 | sed "s/^/${RED}[ client]${NC} /" & diff --git a/rust/relay/src/main.rs b/rust/relay/src/main.rs index ea8055131..e6bb1921e 100644 --- a/rust/relay/src/main.rs +++ b/rust/relay/src/main.rs @@ -1,5 +1,9 @@ use anyhow::{anyhow, bail, Context, Result}; use clap::Parser; +use firezone_relay::{ + AddressFamily, Allocation, AllocationId, Command, IpStack, Server, Sleep, SocketAddrExt, + UdpSocket, +}; use futures::channel::mpsc; use futures::{future, FutureExt, SinkExt, StreamExt}; use opentelemetry::{sdk, KeyValue}; @@ -7,10 +11,6 @@ use opentelemetry_otlp::WithExportConfig; use phoenix_channel::{Error, Event, PhoenixChannel, SecureUrl}; use rand::rngs::StdRng; use rand::{Rng, SeedableRng}; -use relay::{ - AddressFamily, Allocation, AllocationId, Command, IpStack, Server, Sleep, SocketAddrExt, - UdpSocket, -}; use secrecy::{Secret, SecretString}; use std::collections::hash_map::Entry; use std::collections::HashMap; @@ -45,9 +45,9 @@ struct Args { /// The highest port used for TURN allocations. #[arg(long, env, default_value = "65535")] highest_port: u16, - /// The websocket URL of the portal server to connect to. + /// Firezone admin portal websocket URL #[arg(long, env, default_value = "wss://api.firezone.dev")] - portal_ws_url: Url, + portal_url: Url, /// Token generated by the portal to authorize websocket connection. /// /// If omitted, we won't connect to the portal on startup. 
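Review bot: In rust/relay/src/main.rs, renaming the field to `portal_url` also renames the environment variable clap derives from it, from `PORTAL_WS_URL` to `PORTAL_URL`. Because the argument keeps `default_value = "wss://api.firezone.dev"`, a deployment that still sets only the old variable would start without error and present its `PORTAL_TOKEN` to the default host rather than the configured portal. The same applies to `CommonArgs` in rust/firezone-cli-utils/src/lib.rs, where `FZ_URL` becomes `PORTAL_URL` and the default is newly added, so a previously required setting now falls back silently. Consider failing at startup when the legacy variable is present, e.g. `if std::env::var_os("PORTAL_WS_URL").is_some() { bail!("PORTAL_WS_URL was renamed to PORTAL_URL"); }` early in `main`, or at least record the rename in the field's doc comment. `struct Args` and `main` both continue outside the hunks shown.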
@@ -107,7 +107,7 @@ async fn main() -> Result<()> { ); let channel = if let Some(token) = args.portal_token.as_ref() { - let base_url = args.portal_ws_url.clone(); + let base_url = args.portal_url.clone(); let stamp_secret = server.auth_secret(); let span = tracing::error_span!("connect_to_portal", config_url = %base_url); @@ -123,7 +123,7 @@ async fn main() -> Result<()> { let mut eventloop = Eventloop::new(server, channel, public_addr)?; - tokio::spawn(relay::health_check::serve(args.health_check_addr)); + tokio::spawn(firezone_relay::health_check::serve(args.health_check_addr)); tracing::info!("Listening for incoming traffic on UDP port 3478"); diff --git a/rust/relay/tests/regression.rs b/rust/relay/tests/regression.rs index e87832cd2..73a0d89d2 100644 --- a/rust/relay/tests/regression.rs +++ b/rust/relay/tests/regression.rs @@ -1,9 +1,9 @@ use bytecodec::{DecodeExt, EncodeExt}; -use rand::rngs::mock::StepRng; -use relay::{ +use firezone_relay::{ AddressFamily, Allocate, AllocationId, Attribute, Binding, ChannelBind, ChannelData, ClientMessage, Command, IpStack, Refresh, Server, }; +use rand::rngs::mock::StepRng; use secrecy::SecretString; use std::collections::HashMap; use std::iter; @@ -21,7 +21,7 @@ use Output::{CreateAllocation, FreeAllocation, Wake}; #[proptest] fn can_answer_stun_request_from_ip4_address( - #[strategy(relay::proptest::binding())] request: Binding, + #[strategy(firezone_relay::proptest::binding())] request: Binding, source: SocketAddrV4, public_relay_addr: Ipv4Addr, ) { 
@@ -41,13 +41,13 @@ fn can_answer_stun_request_from_ip4_address( #[proptest] fn deallocate_once_time_expired( - #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId, - #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime, - #[strategy(relay::proptest::username_salt())] username_salt: String, + #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime, + #[strategy(firezone_relay::proptest::username_salt())] username_salt: String, source: SocketAddrV4, public_relay_addr: Ipv4Addr, - #[strategy(relay::proptest::now())] now: SystemTime, - #[strategy(relay::proptest::nonce())] nonce: Uuid, + #[strategy(firezone_relay::proptest::now())] now: SystemTime, + #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid, ) { let mut server = TestServer::new(public_relay_addr).with_nonce(nonce); let secret = server.auth_secret(); @@ -82,12 +82,12 @@ fn deallocate_once_time_expired( #[proptest] fn unauthenticated_allocate_triggers_authentication( - #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId, - #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime, - #[strategy(relay::proptest::username_salt())] username_salt: String, + #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime, + #[strategy(firezone_relay::proptest::username_salt())] username_salt: String, source: SocketAddrV4, public_relay_addr: Ipv4Addr, - #[strategy(relay::proptest::now())] now: SystemTime, + #[strategy(firezone_relay::proptest::now())] now: SystemTime, ) { // Nonces are generated randomly and we control the randomness in the test, thus this is deterministic. let first_nonce = Uuid::from_u128(0x0); 
@@ -132,15 +132,15 @@ fn unauthenticated_allocate_triggers_authentication( #[proptest] fn when_refreshed_in_time_allocation_does_not_expire( - #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId, - #[strategy(relay::proptest::transaction_id())] refresh_transaction_id: TransactionId, - #[strategy(relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime, - #[strategy(relay::proptest::allocation_lifetime())] refresh_lifetime: Lifetime, - #[strategy(relay::proptest::username_salt())] username_salt: String, + #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::transaction_id())] refresh_transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime, + #[strategy(firezone_relay::proptest::allocation_lifetime())] refresh_lifetime: Lifetime, + #[strategy(firezone_relay::proptest::username_salt())] username_salt: String, source: SocketAddrV4, public_relay_addr: Ipv4Addr, - #[strategy(relay::proptest::now())] now: SystemTime, - #[strategy(relay::proptest::nonce())] nonce: Uuid, + #[strategy(firezone_relay::proptest::now())] now: SystemTime, + #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid, ) { let mut server = TestServer::new(public_relay_addr).with_nonce(nonce); let secret = server.auth_secret().to_owned(); 
@@ -209,14 +209,14 @@ fn when_refreshed_in_time_allocation_does_not_expire( } #[proptest] fn when_receiving_lifetime_0_for_existing_allocation_then_delete( - #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId, - #[strategy(relay::proptest::transaction_id())] refresh_transaction_id: TransactionId, - #[strategy(relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime, - #[strategy(relay::proptest::username_salt())] username_salt: String, + #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::transaction_id())] refresh_transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime, + #[strategy(firezone_relay::proptest::username_salt())] username_salt: String, source: SocketAddrV4, public_relay_addr: Ipv4Addr, - #[strategy(relay::proptest::now())] now: SystemTime, - #[strategy(relay::proptest::nonce())] nonce: Uuid, + #[strategy(firezone_relay::proptest::now())] now: SystemTime, + #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid, ) { let mut server = TestServer::new(public_relay_addr).with_nonce(nonce); let secret = server.auth_secret().to_owned(); 
@@ -288,18 +288,19 @@ fn when_receiving_lifetime_0_for_existing_allocation_then_delete( #[proptest] fn ping_pong_relay( - #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId, - #[strategy(relay::proptest::transaction_id())] channel_bind_transaction_id: TransactionId, - #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime, - #[strategy(relay::proptest::username_salt())] username_salt: String, - #[strategy(relay::proptest::channel_number())] channel: ChannelNumber, + #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::transaction_id())] + channel_bind_transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime, + #[strategy(firezone_relay::proptest::username_salt())] username_salt: String, + #[strategy(firezone_relay::proptest::channel_number())] channel: ChannelNumber, source: SocketAddrV4, peer: SocketAddrV4, public_relay_addr: Ipv4Addr, - #[strategy(relay::proptest::now())] now: SystemTime, + #[strategy(firezone_relay::proptest::now())] now: SystemTime, peer_to_client_ping: [u8; 32], client_to_peer_ping: [u8; 32], - #[strategy(relay::proptest::nonce())] nonce: Uuid, + #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid, ) { let _ = env_logger::try_init(); 
@@ -377,14 +378,14 @@ fn ping_pong_relay( #[proptest] fn can_make_ipv6_allocation( - #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId, - #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime, - #[strategy(relay::proptest::username_salt())] username_salt: String, + #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId, + #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime, + #[strategy(firezone_relay::proptest::username_salt())] username_salt: String, source: SocketAddrV4, public_relay_ip4_addr: Ipv4Addr, public_relay_ip6_addr: Ipv6Addr, - #[strategy(relay::proptest::now())] now: SystemTime, - #[strategy(relay::proptest::nonce())] nonce: Uuid, + #[strategy(firezone_relay::proptest::now())] now: SystemTime, + #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid, ) { let mut server = TestServer::new((public_relay_ip4_addr, public_relay_ip6_addr)).with_nonce(nonce); diff --git a/terraform/environments/staging/main.tf b/terraform/environments/staging/main.tf index dd05df8a4..679e38a55 100644 --- a/terraform/environments/staging/main.tf +++ b/terraform/environments/staging/main.tf @@ -691,7 +691,7 @@ module "relays" { image = "relay" image_tag = var.relay_image_tag - observability_log_level = "debug,relay=trace,hyper=off,h2=warn,tower=warn,wire=trace" + observability_log_level = "debug,firezone_relay=trace,hyper=off,h2=warn,tower=warn,wire=trace" application_name = "relay" application_version = replace(var.relay_image_tag, ".", "-") diff --git a/terraform/modules/relay-app/main.tf b/terraform/modules/relay-app/main.tf index a4a3540f0..581bd79bd 100644 --- a/terraform/modules/relay-app/main.tf +++ b/terraform/modules/relay-app/main.tf @@ -43,7 +43,7 @@ locals { value = var.portal_token }, { - name = "PORTAL_WS_URL" + name = "PORTAL_URL" value = var.portal_websocket_url } ], var.application_environment_variables)