From df969bdb239ca101a2bf8a06f19b59fcaf02b619 Mon Sep 17 00:00:00 2001 From: Andrew Date: Thu, 21 Jul 2022 03:46:00 -0500 Subject: [PATCH] Fix nil device error for stats push service and use live WireGuard adapter in dev. (#825) * Conditionally start WireGuard sandbox adapter if set in app env * Use Live wg adapter module in dev, sandbox in test. fz_vpn supervised children from app env --- .env.sample | 1 - apps/fz_vpn/lib/fz_vpn/application.ex | 11 ++++---- .../fz_vpn/interface/wg_adapter/sandbox.ex | 26 ++++++------------- apps/fz_vpn/lib/fz_vpn/stats_push_service.ex | 9 +------ config/config.exs | 5 ++-- config/dev.exs | 6 +---- config/prod.exs | 3 --- config/test.exs | 5 ++-- 8 files changed, 21 insertions(+), 45 deletions(-) diff --git a/.env.sample b/.env.sample index 2d0802e57..4e9dbf09c 100644 --- a/.env.sample +++ b/.env.sample @@ -18,7 +18,6 @@ PROXY_FORWARDED=true # export AUTH_OIDC="{\"google\":{\"discovery_document_uri\":\"https://accounts.google.com/.well-known/openid-configuration\",\"client_id\":\"1032390727302-u0lg90d3i1ive15lv7qgtbkka0hnsmgr.apps.googleusercontent.com\",\"client_secret\":\"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\",\"redirect_uri\":\"https://example.com/session\",\"response_type\":\"code\",\"scope\":\"openid email profile\",\"label\":\"Google\"},\"okta\":{\"discovery_document_uri\":\"https://accounts.google.com/.well-known/openid-configuration\",\"client_id\":\"CLIENT_ID\",\"client_secret\":\"CLIENT_SECRET\",\"redirect_uri\":\"https://example.com/session\",\"response_type\":\"code\",\"scope\":\"openid email profile\",\"label\":\"Okta\"}}" # Convenient overrides for live testing Firezone in dev -# FZ_VPN_WGADAPTER_MODULE=FzVpn.Interface.WGAdapter.Live # NFT_PATH=/path/to/nft # EGRESS_INTERFACE=eth0 # FZ_WALL_CLI_MODULE=FzWall.CLI.Live diff --git a/apps/fz_vpn/lib/fz_vpn/application.ex b/apps/fz_vpn/lib/fz_vpn/application.ex index df96ac385..4a8172ce8 100644 --- a/apps/fz_vpn/lib/fz_vpn/application.ex 
+++ b/apps/fz_vpn/lib/fz_vpn/application.ex @@ -6,14 +6,13 @@ defmodule FzVpn.Application do use Application def start(_type, _args) do - children = [ - FzVpn.Server, - FzVpn.StatsPushService - ] - # See https://hexdocs.pm/elixir/Supervisor.html # for other strategies and supported options opts = [strategy: :one_for_one, name: FzVpn.Supervisor] - Supervisor.start_link(children, opts) + Supervisor.start_link(children(), opts) + end + + defp children do + Application.fetch_env!(:fz_vpn, :supervised_children) end end diff --git a/apps/fz_vpn/lib/fz_vpn/interface/wg_adapter/sandbox.ex b/apps/fz_vpn/lib/fz_vpn/interface/wg_adapter/sandbox.ex index 9443e839f..2b3ae8962 100644 --- a/apps/fz_vpn/lib/fz_vpn/interface/wg_adapter/sandbox.ex +++ b/apps/fz_vpn/lib/fz_vpn/interface/wg_adapter/sandbox.ex @@ -5,38 +5,28 @@ defmodule FzVpn.Interface.WGAdapter.Sandbox do use GenServer - @adapter_pid :sandbox_adapter_pid + def start_link(_) do + GenServer.start_link(__MODULE__, %{}, name: __MODULE__) + end def get_device(name) do - GenServer.call(sandbox_pid(), {:get_device, name}) + GenServer.call(__MODULE__, {:get_device, name}) end def list_devices do - GenServer.call(sandbox_pid(), {:list_devices}) + GenServer.call(__MODULE__, {:list_devices}) end def set_device(config, name) do - GenServer.call(sandbox_pid(), {:set_device, config, name}) + GenServer.call(__MODULE__, {:set_device, config, name}) end def delete_device(name) do - GenServer.call(sandbox_pid(), {:delete_device, name}) + GenServer.call(__MODULE__, {:delete_device, name}) end def remove_peer(name, public_key) do - GenServer.call(sandbox_pid(), {:remove_peer, name, public_key}) - end - - defp sandbox_pid do - case Process.get(@adapter_pid) do - nil -> - {:ok, pid} = GenServer.start_link(__MODULE__, %{}) - Process.put(@adapter_pid, pid) - pid - - pid -> - pid - end + GenServer.call(__MODULE__, {:remove_peer, name, public_key}) end @impl GenServer 
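Review bot: `children/0` passes the `:supervised_children` list to `Supervisor.start_link/2` unchanged, and nothing in this module says what that list must contain or in what order. The supervisor starts children in list order, and `config/test.exs` in this commit puts `FzVpn.Interface.WGAdapter.Sandbox` ahead of `FzVpn.Server`, presumably because the server talks to the adapter while it starts. I would record that above the function, e.g. `# Child modules come from config and start in list order; a process-backed adapter such as the Sandbox must come before FzVpn.Server.`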
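Review bot: Every adapter call now targets the registered name `__MODULE__`, so the Sandbox works only when it is also listed in `:supervised_children`; with `wg_adapter` set to the Sandbox and the child missing, `GenServer.call/2` exits with `:noproc`. The two keys are set independently (only `config/test.exs` sets both), so I would either derive the child from `wg_adapter` or state the coupling in the `@moduledoc`. The removed `sandbox_pid/0` kept one server per calling process, whereas the named server is shared, so device state written by one test is visible to every other test; if any of those tests run with `async: true` (not visible here) they can interfere. `start_link/1` also has no `@doc` or `@spec`, e.g. `@spec start_link(term()) :: GenServer.on_start()`. The module continues past the end of this hunk.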
diff --git a/apps/fz_vpn/lib/fz_vpn/stats_push_service.ex b/apps/fz_vpn/lib/fz_vpn/stats_push_service.ex index be57b9e3b..0689c1917 100644 --- a/apps/fz_vpn/lib/fz_vpn/stats_push_service.ex +++ b/apps/fz_vpn/lib/fz_vpn/stats_push_service.ex @@ -16,10 +16,7 @@ defmodule FzVpn.StatsPushService do @impl GenServer def init(state) do - if enabled?() do - :timer.send_interval(@interval, :perform) - end - + :timer.send_interval(@interval, :perform) {:ok, state} end @@ -31,8 +28,4 @@ defmodule FzVpn.StatsPushService do def push_stats do GenServer.call(Server.http_pid(), {:update_device_stats, Interface.dump(Server.iface_name())}) end - - defp enabled? do - Application.fetch_env!(:fz_vpn, :stats_push_service_enabled) - end end diff --git a/config/config.exs b/config/config.exs index 554d58727..afc1b7c20 100644 --- a/config/config.exs +++ b/config/config.exs @@ -106,8 +106,9 @@ config :fz_vpn, wireguard_interface_name: "wg-firezone", wireguard_port: 51_820, wireguard_endpoint: "127.0.0.1", - wg_adapter: FzVpn.Interface.WGAdapter.Sandbox, - server_process_opts: [name: {:global, :fz_vpn_server}] + wg_adapter: FzVpn.Interface.WGAdapter.Live, + server_process_opts: [name: {:global, :fz_vpn_server}], + supervised_children: [FzVpn.Server, FzVpn.StatsPushService] config :fz_http, FzHttpWeb.Endpoint, render_errors: [view: FzHttpWeb.ErrorView, accepts: ~w(html json)], diff --git a/config/dev.exs b/config/dev.exs index c3c551a97..b3e17f77d 100644 --- a/config/dev.exs +++ b/config/dev.exs 
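Review bot: In `init/1` the result of `:timer.send_interval/2` is discarded on what is now the only path, so a failure to create the timer would leave the service running but never pushing. An assertive match keeps that visible: `{:ok, _tref} = :timer.send_interval(@interval, :perform)`. With `enabled?/0` gone (second hunk of this file), the only way to switch the service off is to leave it out of `:supervised_children`, which deserves a one-line comment above `init/1`.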
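Review bot: The base value of `wg_adapter` is now `FzVpn.Interface.WGAdapter.Live`, so every environment that does not override it, including any added later, presumably operates on the real `wg-firezone` interface instead of the sandbox GenServer. Before this change the sandbox was the default and `prod.exs` opted in to Live; now `test.exs` has to opt out, and it must override `supervised_children` in the same place. I would note that next to the key, e.g. `# Live by default: test.exs overrides wg_adapter and supervised_children together`. Keeping Sandbox as the base default and setting Live explicitly in `dev.exs` and `prod.exs` would give the same dev behaviour with a safer fallback.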
@@ -40,17 +40,13 @@ egress_interface = System.get_env("EGRESS_INTERFACE") || get_egress_interface.() {fz_wall_cli_module, _} = Code.eval_string(System.get_env("FZ_WALL_CLI_MODULE", "FzWall.CLI.Sandbox")) -{fz_vpn_wgadapter_module, _} = - Code.eval_string(System.get_env("FZ_VPN_WGADAPTER_MODULE", "FzVpn.Interface.WGAdapter.Sandbox")) - config :fz_wall, nft_path: System.get_env("NFT_PATH", "nft"), egress_interface: egress_interface, cli: fz_wall_cli_module config :fz_vpn, - wireguard_private_key_path: "priv/wg_dev_private_key", - wg_adapter: fz_vpn_wgadapter_module + wireguard_private_key_path: "priv/wg_dev_private_key" # Auth local_auth_enabled = System.get_env("LOCAL_AUTH_ENABLED") == "true" diff --git a/config/prod.exs b/config/prod.exs index 422f89c43..8fcd0bcee 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -10,9 +10,6 @@ import Config # which you should run after static files are built and # before starting your production server. -config :fz_vpn, - wg_adapter: FzVpn.Interface.WGAdapter.Live - config :fz_wall, nft_path: "nft", cli: FzWall.CLI.Sandbox diff --git a/config/test.exs b/config/test.exs index 62a83ec35..656e44757 100644 --- a/config/test.exs +++ b/config/test.exs @@ -82,5 +82,6 @@ config :fz_http, :openid_connect, OpenIDConnect.Mock config :fz_http, FzHttp.Mailer, adapter: Swoosh.Adapters.Test, from_email: "test@firez.one" config :fz_vpn, - # XXX: Bump test coverage by replacing this with a stubbed out module - stats_push_service_enabled: false + # XXX: Bump test coverage by adding a stubbed out module for FzVpn.StatsPushService + supervised_children: [FzVpn.Interface.WGAdapter.Sandbox, FzVpn.Server], + wg_adapter: FzVpn.Interface.WGAdapter.Sandbox
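Review bot: The commit drops the `Code.eval_string/1` call for `FZ_VPN_WGADAPTER_MODULE`, but the context line above it still evaluates `FZ_WALL_CLI_MODULE` the same way, so whatever that environment variable holds is executed as Elixir code when the dev config loads. A module name does not need evaluation: `fz_wall_cli_module = Module.concat([System.get_env("FZ_WALL_CLI_MODULE", "FzWall.CLI.Sandbox")])`. This is dev-only config, so the exposure is limited to whoever controls the developer's environment, but the change would remove the remaining eval visible in this hunk.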