This updates the license for the admin portal (`elixir/`) to the Elastic
License v2, keeping other components Apache 2.0 licensed.
What does this mean for 1.0 going forward?
[Elastic's FAQ](https://www.elastic.co/licensing/elastic-license/faq) is
broadly applicable to Firezone as well. Most notably, MSPs may still use
Firezone to provide general remote access services for third party
users, just not to the Firezone admin portal itself (and REST API).
### Why?
We would lose a little bit of business, though one could argue that the
tradeoff is worth it due to increased market exposure/distribution.
The main, tangible reasons for us today involve the negative impact this
has on our ability to reach product-market fit:
1. We lose the direct feedback channel with paying customers, isolating
them (and us) from our roadmap.
2. Reseller licenses should be offered as part of a proper partner
alliance / reseller program when we have the resources to support it,
which will result in a much better experience for all parties involved
(and restore the lost feedback channel).
3. Having outdated, unpatched, and potentially buggy Firezone instances
running in the wild that we have no visibility or insight into is a
major liability to our brand and reputation and may even result in a
legal liability depending on the jurisdiction and severity of the issue.
See [this
example](https://aws.amazon.com/marketplace/pp/prodview-xgj7kkar35gus)
and [this
one](https://aws.amazon.com/marketplace/pp/prodview-jyd73dot3zrnw).
Adds icons to Apple for app distribution for TestFlight testing.
@pratikvelani -- can these also be used for Android or do we need a
different format? I can add you to our Figma team if you need to slice
the assets directly.
Resolves firezone/product#619
This additionally removes `ErrorType`:
- `on_error` is now exclusively used for recoverable errors, and no
longer has an `error_type` parameter.
- `on_disconnect` now has an optional `error` parameter, which specifies
the fatal error that caused the disconnect if relevant.
Why:
* The `show` pages for all of the Firezone resources (i.e. Gateways,
Resources, Devices, etc...) were all very similar but were explicitly
defined in individual tables with their styling also explicitly defined
in each table. This commit creates a `vertical_table` component and a
`vertical_table_row` component to allow the styling to be defined once
and then consistently applied to each `show` page.
Why:
* The previous Gateway Liveviews had used static views and data as a
starting point for fleshing out the web UI. This commit builds on that
and replaces (most) of the static data with data from the database, as
well as updating the static Liveview templates to use components where
possible.
Note: These changes are only meant to involve the Gateway views
(index/show/edit). More changes to other resources will follow (i.e.
Resource, Users, Devices, etc...)
---------
Signed-off-by: bmanifold <bmanifold@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
- Add 1.0 blogpost
- Update font to `Public Sans` since it has all weights and offers
better readability
- Various layout/style fixes
- Disable kotlin draft release job
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
- Replaced connlib dependency to use `rust/connlib/clients/android/lib`
project
- Added `rust-android-gradle` to android project
- Set the `cargo build` target directory to
`rust/connlib/clients/android/lib/build/cargo-target`
- Moved `logger`, `session`, and `vpn` classes to their independent
packages.
- Added `SessionCallback` contract for the session callbacks.
---------
Signed-off-by: Pratik Velani <pratikvelani@gmail.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
This follows up on the discussion in #1744 and brings connlib in line
with the callback revisions outlined in firezone/product#586
(It also adds some logging to the Apple bridge that was helpful when
testing this)
---------
Co-authored-by: Roopesh Chander <roop@roopc.net>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/releases">rack's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.7</h2>
<h2>What's Changed</h2>
<ul>
<li>Correct the year number in the changelog by <a
href="https://github.com/kimulab"><code>@kimulab</code></a> in <a
href="https://redirect.github.com/rack/rack/pull/2015">rack/rack#2015</a></li>
<li>Support underscore in host names for Rack 2.2 (Fixes <a
href="https://redirect.github.com/rack/rack/issues/2070">#2070</a>) by
<a href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>
in <a
href="https://redirect.github.com/rack/rack/pull/2071">rack/rack#2071</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kimulab"><code>@kimulab</code></a> made
their first contribution in <a
href="https://redirect.github.com/rack/rack/pull/2015">rack/rack#2015</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7">https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7</a></p>
<h2>v2.2.6.4</h2>
<p>No release notes provided.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
For info on how to format all future additions to this file please
reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A
Changelog</a>.</p>
<h2>Unreleased</h2>
<h3>SPEC Changes</h3>
<ul>
<li><code>rack.input</code> is now optional. (<a
href="https://redirect.github.com/rack/rack/pull/1997">#1997</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>rack.input</code> is now optional, and if missing, will raise
an error. Use this to fail on multipart parsing a request without an
input body. (<a
href="https://redirect.github.com/rack/rack/pull/2018">#2018</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>Introduce <code>module Rack::BadRequest</code> which is included in
multipart and query parser errors. (<a
href="https://redirect.github.com/rack/rack/pull/2019">#2019</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>MIME type for JavaScript files (<code>.js</code>) changed from
<code>application/javascript</code> to <code>text/javascript</code> (<a
href="1bd0f1597d"><code>1bd0f15</code></a>)</li>
<li>Add <code>.mjs</code> MIME type (<a
href="https://redirect.github.com/rack/rack/pull/2057">#2057</a>, [<a
href="https://github.com/axilleas"><code>@axilleas</code></a>])</li>
<li>Update MIME types associated to <code>.ttf</code>,
<code>.woff</code>, <code>.woff2</code> and <code>.otf</code> extensions
to use modern <code>font/*</code> types. (<a
href="https://redirect.github.com/rack/rack/pull/2065">#2065</a>, [<a
href="https://github.com/davidstosik"><code>@davidstosik</code></a>])</li>
</ul>
<h2>[3.0.8] - 2023-06-14</h2>
<ul>
<li>Fix some unused variable verbose warnings. (<a
href="https://redirect.github.com/rack/rack/pull/2084">#2084</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>],
<a
href="https://github.com/skipkayhil"><code>@skipkayhil</code></a>)</li>
</ul>
<h2>[3.0.7] - 2023-03-16</h2>
<ul>
<li>Make query parameters without <code>=</code> have <code>nil</code>
values. (<a
href="https://redirect.github.com/rack/rack/pull/2059">#2059</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
</ul>
<h2>[3.0.6.1] - 2023-03-13</h2>
<ul>
<li>[CVE-2023-27539] Avoid ReDoS in header parsing</li>
</ul>
<h2>[3.0.6] - 2023-03-13</h2>
<ul>
<li>Add <code>QueryParser#missing_value</code> for handling missing
values + tests. (<a
href="https://redirect.github.com/rack/rack/pull/2052">#2052</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h2>[3.0.5] - 2023-03-13</h2>
<ul>
<li>Split form/query parsing into two steps. (<a
href="https://redirect.github.com/rack/rack/pull/2038">#2038</a>, <a
href="https://github.com/matthewd"><code>@matthewd</code></a>)</li>
</ul>
<h2>[3.0.4.2] - 2023-03-02</h2>
<ul>
<li>[CVE-2023-27530] Introduce multipart_total_part_limit to limit total
parts</li>
</ul>
<h2>[3.0.4.1] - 2023-01-17</h2>
<ul>
<li>[CVE-2022-44571] Fix ReDoS vulnerability in multipart parser</li>
<li>[CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges</li>
<li>[CVE-2022-44572] Forbid control characters in attributes (also
ReDoS)</li>
</ul>
<h2>[3.0.4] - 2023-01-17</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="983b6e3b29"><code>983b6e3</code></a>
Bump patch version.</li>
<li><a
href="e5a30bf548"><code>e5a30bf</code></a>
Support underscore in host names for Rack 2.2 (Fixes <a
href="https://redirect.github.com/rack/rack/issues/2070">#2070</a>) (<a
href="https://redirect.github.com/rack/rack/issues/2071">#2071</a>)</li>
<li><a
href="70185aa15a"><code>70185aa</code></a>
Merge branch '2-2-sec' into 2-2-stable</li>
<li><a
href="27addc7f1a"><code>27addc7</code></a>
bump version</li>
<li><a
href="ee7919ea04"><code>ee7919e</code></a>
Avoid ReDoS problem</li>
<li><a
href="6f79642d90"><code>6f79642</code></a>
Merge branch '2-2-sec' into 2-2-stable</li>
<li><a
href="d6b5b2bab8"><code>d6b5b2b</code></a>
bump version</li>
<li><a
href="9aac3757fe"><code>9aac375</code></a>
Limit all multipart parts, not just files</li>
<li><a
href="cd4c9f0e4b"><code>cd4c9f0</code></a>
Correct the year in the changelog (<a
href="https://redirect.github.com/rack/rack/issues/2015">#2015</a>)</li>
<li><a
href="2606ac5d5d"><code>2606ac5</code></a>
bumping version</li>
<li>Additional commits viewable in <a
href="https://github.com/rack/rack/compare/2.2.4...v2.2.7">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR adds a product roadmap landing page to our marketing site. The
primary goal is to keep our users informed about major new upcoming
features and releases while still allowing enough flexibility around
timeline expectations so that we aren't crunching to meet arbitrary
deadlines.
Add a reorganization disclaimer pointing to the old `legacy` branch.
Will have a new README prepared with appropriate marketing content later
alongside the 1.0 announcement blogpost. This will keep engineers
unblocked and things tidy in the meantime.
This PR improves the build process for the macOS / iOS apps by building
connlib as part of the macOS / iOS app build.
Fixes firezone/product#625.
This is how the build would work after this PR:
- `build-rust.sh` creates `libconnlib.a` for the appropriate target
triples only. lipo is not used. When creating macOS debug builds, it’s
built only for the native architecture.
- The network extension targets in the Xcode project set a library
search path as the cargo target dir, so that the Xcode build for a
target triple can pick up the appropriate `libconnlib.a` at link time.
Swift code reorganizations:
- connlib’s Adapter has moved to the main app
- connlib’s CallbackHandler’s logic has moved to Adapter, which is set
as CallbackHandler’s delegate. The CallbackHandler serves as an
interface to receive callbacks from the FFI. In case we need to change
the FFI, CallbackHandler should change as well, so it remains in the
connlib directory. In case of changes to the Rust FFI, as part of the
Rust FFI change PR, we can modify the CallbackHandler class and leave
the delegate unchanged, so that the app can continue to be built without
errors.
- `Connlib.xcodeproject` and build scripts for building
`Connlib.xcframework` are removed
- Connlib headers and Swift files are copied to
`FirezoneNetworkExtension/Connlib` as part of the build process, and
used from there.
Rust build changes:
- The rust target dir remains the same, but it’s ~~passed explicitly as
`--target-dir`~~ used to set `CARGO_TARGET_DIR`, so that the same target
dir can be used to populate Xcode’s library search paths
- The `build.rs` for connlib-apple had lots of code to build Swift code
as part of the Rust build. This PR reverts it to the previous simple
version. With this PR, building connlib-apple (i.e. running
`build-rust.sh`) only builds the Rust code.
- ~~We set `cargo:rerun-if-env-changed=CONNLIB_MOCK`.~~ We don't set
this because it's not required.
- The Rust CI job for building connlib-apple is removed. It's built when
the macOS / iOS apps are built in swift.yml. This means that with this
PR, connlib-apple is tested only when `rust/connlib/**` changes, not
when `rust/**` changes. Is that ok?
Other changes not directly related to the build process change but part
of this PR:
- There’s a cleanup script: `./cleanup.sh`
- Fixed a typo in `swift-pass-checks.yml`: “paths-ginore”
Previously, we would access the state around allocations from different
places. This actually led to a minor memory leak where we wouldn't clean
up the `allocations_by_port` table. We refactor the code slightly to
avoid this.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
~~This is an attempt to fix the CI bug
[here](https://github.com/firezone/firezone/actions/runs/5491388141/jobs/10007864417#step:4:1638)
possibly introduced in
[d9eb2d18](https://github.com/firezone/firezone/commit/d9eb2d18#diff-88bd94db0d5cfd5f0617b7c4ed48c0212597378ed7e28714c5d86c95999b4c7dR29)
and uncovered / exacerbated in Elixir 1.15~~
Edit: looks like this ended up being a couple cache issues with GitHub
actions:
1. The `elixir_api-container-build` cache would always overwrite the
`elixir_web-container-build` on subsequent builds of the same
`github.ref_name` (cache is scoped to branch name by default), leading
to the consistent error `Elixir.Web.Mailer.NoopAdapter does not exist`
whenever a branch was pushed to more than once.
2. The same thing happens with the `integration_test-basic-flow` job
because the `api` service gets built after the `web` service in
docker-compose.yml, overwriting its cache
For some reason it seems the `APPLICATION_NAME` ARG is not busting the
Docker cache properly on GitHub actions for elixir container builds, so
the fix here was to [use
`scope=`](https://docs.docker.com/build/cache/backends/gha/#scope) to
segregate the cache layers between builds of the same branch.
With this patch, the relay exposes a `--json` and `JSON_LOG` env
variable that will activate logs in JSON format the way it is expected
by Google Cloud:
https://cloud.google.com/logging/docs/structured-logging
In addition, we make use of spans to record contextual information as
first-class variables that are available in the context of every
message. An example output here is:
```
{"time":"2023-07-06T19:54:42.643694430Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"156"},"severity":"INFO","message":"Seeding RNG from '0'"}
{"time":"2023-07-06T19:54:42.644408014Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"130"},"severity":"INFO","message":"Listening for incoming traffic on UDP port 3478"}
{"time":"2023-07-06T19:54:42.843247996Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"417"},"span":{"lifetime":"600","name":"allocate"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"0531a911a24d1e5297b94cb2","name":"client"},{"lifetime":"600","name":"allocate"}],"severity":"INFO","ip4RelayAddress":"127.0.0.1:65460","message":"Created new allocation"}
{"time":"2023-07-06T19:54:42.851623041Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"569"},"span":{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"e99e07e482789cdc30bd2b50","name":"client"},{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"}],"severity":"INFO","message":"Successfully bound channel"}
{"time":"2023-07-06T19:54:42.852889208Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"288"},"span":{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"},"spans":[{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"}],"severity":"DEBUG","message":"Relaying 32 bytes"}
{"time":"2023-07-06T19:54:42.854625857Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"619"},"span":{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"},"spans":[{"sender":"127.0.0.1:46406","name":"client"},{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"}],"severity":"DEBUG","message":"Relaying 32 bytes"}
```
For some reason, the current `span` is always duplicated but I don't
think that is a big issue. When run using the regular log formatter, it
looks like this:
```
2023-07-06T20:02:33.939273Z INFO relay: Seeding RNG from '0'
2023-07-06T20:02:33.940153Z INFO relay: Listening for incoming traffic on UDP port 3478
2023-07-06T20:02:34.135801Z INFO client{sender=127.0.0.1:33919 transaction_id="7092a2363377709cd18b9d98"}:allocate{lifetime=600}: relay: Created new allocation ip4_relay_address=127.0.0.1:65460
2023-07-06T20:02:34.144833Z INFO client{sender=127.0.0.1:33919 transaction_id="4e1a18e58953242c92a075a3"}:channel_bind{requested_channel=16384 peer_address=127.0.0.1:47859 allocation="AID-1"}: relay: Successfully bound channel
2023-07-06T20:02:34.145501Z DEBUG peer{sender=127.0.0.1:47859 allocation_id=AID-1 recipient=127.0.0.1:33919 channel=16384}: relay: Relaying 32 bytes
2023-07-06T20:02:34.146863Z DEBUG client{sender=127.0.0.1:33919}:channel_data{channel=16384 recipient=127.0.0.1:47859}: relay: Relaying 32 bytes
```
This provides lots of contextual information in a DRY and easily
parse-able way.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
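The JSON output above nests per-request context under `spans`, and the sample logs `channel` as a number in the `peer` span but as a string in `channel_data`. As an added example (not from this commit or the Firezone code base), this Python flattens the span stack and correlates channel binds with relayed traffic; the log lines are constructed in the shape shown above and all helper names are hypothetical.

```python
import json
from collections import Counter

def make_line(severity, message, *spans, **fields):
    """Constructed log line in the relay's JSON shape: `spans` is the span
    stack outermost-first and `span` repeats the innermost entry."""
    rec = {"time": "2023-07-06T19:54:42.000000000Z", "target": "relay"}
    if spans:
        rec["span"], rec["spans"] = spans[-1], list(spans)
    rec.update(severity=severity, message=message, **fields)
    return json.dumps(rec)

CLIENT = {"sender": "127.0.0.1:46406", "name": "client"}

# Constructed sample input, modelled on the output in the commit message.
SAMPLE_LOG = "\n".join([
    "2023-07-06T20:02:33.939273Z INFO relay: Seeding RNG from '0'",  # plain formatter
    make_line("INFO", "Listening for incoming traffic on UDP port 3478"),
    make_line("INFO", "Created new allocation", CLIENT,
              {"lifetime": "600", "name": "allocate"},
              ip4RelayAddress="127.0.0.1:65460"),
    make_line("INFO", "Successfully bound channel", CLIENT,
              {"allocation": "AID-1", "peer_address": "127.0.0.1:42314",
               "requested_channel": "16384", "name": "channel_bind"}),
    make_line("DEBUG", "Relaying 32 bytes",
              {"allocation_id": "AID-1", "channel": 16384,
               "recipient": "127.0.0.1:46406", "sender": "127.0.0.1:42314",
               "name": "peer"}),
    make_line("DEBUG", "Relaying 32 bytes", CLIENT,
              {"channel": "16384", "recipient": "127.0.0.1:42314",
               "name": "channel_data"}),
    # Constructed case: data on a channel with no bind in this log window.
    make_line("DEBUG", "Relaying 32 bytes", CLIENT,
              {"channel": "16385", "recipient": "127.0.0.1:42999",
               "name": "channel_data"}),
])

def parse(text):
    """Return (records, skipped); lines that are not JSON objects are skipped."""
    records, skipped = [], 0
    for raw in text.splitlines():
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            rec = None
        if isinstance(rec, dict):
            records.append(rec)
        else:
            skipped += 1
    return records, skipped

def context(rec):
    """Flatten the span stack into {"<span name>.<field>": value}. Only
    `spans` is read, since `span` duplicates its last entry."""
    ctx = {}
    for span in rec.get("spans", []):
        name = span.get("name", "?")
        ctx.update({f"{name}.{k}": v for k, v in span.items() if k != "name"})
    return ctx

def channel_of(ctx):
    """Channel number as int, whichever span carried it and in either type."""
    for key in ("channel_bind.requested_channel", "channel_data.channel",
                "peer.channel"):
        if key in ctx:
            try:
                return int(ctx[key])
            except (TypeError, ValueError):
                return None
    return None

def triage(records):
    """Map channels to bound peers, count relayed messages per channel, and
    list channels that relayed data before any bind was logged."""
    bound, relayed, unbound = {}, Counter(), set()
    for rec in records:
        ctx = context(rec)
        channel = channel_of(ctx)
        if channel is None:
            continue
        message = rec.get("message", "")
        if message == "Successfully bound channel":
            bound[channel] = ctx.get("channel_bind.peer_address")
        elif message.startswith("Relaying"):
            relayed[channel] += 1
            if channel not in bound:
                unbound.add(channel)
    return bound, dict(relayed), sorted(unbound)

if __name__ == "__main__":
    recs, skipped = parse(SAMPLE_LOG)
    print(skipped, triage(recs))
```

A channel listed as unbound may simply have been bound before the log window started, so treat it as a prompt to widen the window rather than as a finding.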
Instead of having portal URL and token optional, we default the portal
URL and decide based on the presence of the token, whether we should
connect to the portal on startup. This allows the relay to be
used/tested standalone and keeps the number of config options and error
cases small.
We require the user to configure the full path of the websocket and thus
avoid the need for duplicating the connlib function. Given that most
users will never need to override this option, this seems like a good
trade-off.
Resolves https://github.com/firezone/product/issues/614.
This PR fixes a bunch of small things to allow a new flow to test
clients pinging a resource within docker compose.
Masquerade/Forwarding is enabled directly in the container for now, this
might change in the future.
Also added a README to be able to run this locally.
---------
Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>