Migrate the ssh tunnel from supervisor to ws-proxy
iQQBot committed Nov 22, 2023
1 parent 6ff405b commit dc0da1a
Showing 17 changed files with 325 additions and 172 deletions.
2 changes: 2 additions & 0 deletions components/ws-proxy/BUILD.yaml
@@ -8,6 +8,7 @@ packages:
- "public/**"
deps:
- components/common-go:lib
- components/gitpod-protocol/go:lib
- components/content-service-api/go:lib
- components/content-service:lib
- components/registry-facade-api/go:lib
@@ -45,6 +46,7 @@ packages:
- "public/**"
deps:
- components/common-go:lib
- components/gitpod-protocol/go:lib
- components/content-service-api/go:lib
- components/content-service:lib
- components/registry-facade-api/go:lib
7 changes: 4 additions & 3 deletions components/ws-proxy/cmd/run.go
@@ -132,6 +132,7 @@ var runCmd = &cobra.Command{

// SSH Gateway
var signers []ssh.Signer
var sshGatewayServer *sshproxy.Server
flist, err := os.ReadDir("/mnt/host-key")
if err == nil && len(flist) > 0 {
for _, f := range flist {
@@ -149,12 +150,12 @@ var runCmd = &cobra.Command{
signers = append(signers, hostSigner)
}
if len(signers) > 0 {
server := sshproxy.New(signers, infoprov, heartbeat)
sshGatewayServer = sshproxy.New(signers, infoprov, heartbeat)
l, err := net.Listen("tcp", ":2200")
if err != nil {
panic(err)
}
go server.Serve(l)
go sshGatewayServer.Serve(l)
log.Info("SSHGateway is up and running")
}
}
@@ -163,7 +164,7 @@ var runCmd = &cobra.Command{

go func() {
log.Infof("startint proxying on %s", cfg.Ingress.HTTPAddress)
proxy.NewWorkspaceProxy(cfg.Ingress, cfg.Proxy, proxy.HostBasedRouter(cfg.Ingress.Header, cfg.Proxy.GitpodInstallation.WorkspaceHostSuffix, cfg.Proxy.GitpodInstallation.WorkspaceHostSuffixRegex), infoprov, signers).MustServe(ctrlCtx)
proxy.NewWorkspaceProxy(cfg.Ingress, cfg.Proxy, proxy.HostBasedRouter(cfg.Ingress.Header, cfg.Proxy.GitpodInstallation.WorkspaceHostSuffix, cfg.Proxy.GitpodInstallation.WorkspaceHostSuffixRegex), infoprov, sshGatewayServer).MustServe(ctrlCtx)
}()

log.Info("🚪 ws-proxy is up and running")
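Review bot: `sshGatewayServer` stays nil whenever `/mnt/host-key` cannot be read or yields no usable signer, and the last changed line passes it to `proxy.NewWorkspaceProxy` unconditionally. Before this change the argument was the `signers` slice, for which nil was harmless; a nil `*sshproxy.Server` is only safe if the code that receives it (outside this section) checks for nil before serving the SSH tunnel. I would make the disabled state explicit at startup, e.g. `if sshGatewayServer == nil { log.Warn("no SSH host keys loaded; SSH gateway and tunnel are disabled") }`, and confirm the tunnel route is not registered in that case. The `os.ReadDir` error is also dropped by the `err == nil && len(flist) > 0` condition, so a wrongly mounted key directory looks the same as a deliberately disabled gateway. The `runCmd` body starts and ends outside the hunks shown.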
17 changes: 12 additions & 5 deletions components/ws-proxy/go.mod
@@ -5,18 +5,20 @@ go 1.21
require (
github.com/bombsimon/logrusr/v2 v2.0.1
github.com/gitpod-io/gitpod/common-go v0.0.0-00010101000000-000000000000
github.com/gitpod-io/gitpod/gitpod-protocol v0.0.0-00010101000000-000000000000
github.com/gitpod-io/gitpod/supervisor/api v0.0.0-00010101000000-000000000000
github.com/gitpod-io/gitpod/ws-manager/api v0.0.0-00010101000000-000000000000
github.com/gitpod-io/golang-crypto v0.0.0-20230731181530-3ce7221eee49
github.com/gitpod-io/golang-crypto v0.0.0-20231122075959-de838e9cb174
github.com/go-ozzo/ozzo-validation v3.6.0+incompatible
github.com/google/go-cmp v0.5.9
github.com/gorilla/handlers v1.5.1
github.com/gorilla/mux v1.8.0
github.com/gorilla/websocket v1.5.1
github.com/klauspost/cpuid/v2 v2.0.9
github.com/prometheus/client_golang v1.16.0
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.6.0
golang.org/x/net v0.10.0
golang.org/x/net v0.17.0
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
google.golang.org/grpc v1.52.3
k8s.io/api v0.27.3
@@ -27,6 +29,7 @@ require (

require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
@@ -41,6 +44,7 @@ require (
github.com/go-openapi/swag v0.22.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/gofuzz v1.1.0 // indirect
@@ -67,15 +71,16 @@ require (
github.com/prometheus/common v0.42.0 // indirect
github.com/prometheus/procfs v0.10.1 // indirect
github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3 // indirect
github.com/sourcegraph/jsonrpc2 v0.0.0-20200429184054-15c2290dcb37 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/uber/jaeger-client-go v2.29.1+incompatible // indirect
github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
go.uber.org/atomic v1.7.0 // indirect
golang.org/x/oauth2 v0.5.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/term v0.10.0 // indirect
golang.org/x/text v0.11.0 // indirect
golang.org/x/sys v0.14.0 // indirect
golang.org/x/term v0.14.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
@@ -97,6 +102,8 @@ require (

replace github.com/gitpod-io/gitpod/common-go => ../common-go // leeway

replace github.com/gitpod-io/gitpod/gitpod-protocol => ../gitpod-protocol/go // leeway

replace github.com/gitpod-io/gitpod/components/scrubber => ../scrubber // leeway

replace github.com/gitpod-io/gitpod/content-service => ../content-service // leeway
42 changes: 34 additions & 8 deletions components/ws-proxy/go.sum


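--- a/components/ws-proxy/pkg/common/infoprovider.go
+++ b/components/ws-proxy/pkg/common/infoprovider.go
@@ -0,0 +1,66 @@
+// Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License.AGPL.txt in the project root for license information.
+
+package common
+
+import (
+"time"
+
+"github.com/gitpod-io/gitpod/ws-manager/api"
+wsapi "github.com/gitpod-io/gitpod/ws-manager/api"
+)
+
+const (
+// Used as key for storing the workspace port in the requests mux.Vars() map.
+WorkspacePortIdentifier = "workspacePort"
+
+// Used as key for storing the workspace ID in the requests mux.Vars() map.
+WorkspaceIDIdentifier = "workspaceID"
+
+DebugWorkspaceIdentifier = "debugWorkspace"
+
+WorkspacePathPrefixIdentifier = "workspacePathPrefix"
+
+WorkspaceInfoIdentifier = "workspaceInfo"
+)
+
+// WorkspaceCoords represents the coordinates of a workspace (port).
+type WorkspaceCoords struct {
+// The workspace ID
+ID string
+// The workspace port
+Port string
+// Debug workspace
+Debug bool
+}
+
+// WorkspaceInfoProvider is an entity that is able to provide workspaces related information.
+type WorkspaceInfoProvider interface {
+// WorkspaceInfo returns the workspace information of a workspace using it's workspace ID
+WorkspaceInfo(workspaceID string) *WorkspaceInfo
+}
+
+// WorkspaceInfo is all the infos ws-proxy needs to know about a workspace.
+type WorkspaceInfo struct {
+WorkspaceID string
+InstanceID string
+URL string
+
+IDEImage string
+SupervisorImage string
+
+// (parsed from URL)
+IDEPublicPort string
+
+IPAddress string
+
+Ports []*api.PortSpec
+
+Auth *wsapi.WorkspaceAuthentication
+StartedAt time.Time
+
+OwnerUserId string
+SSHPublicKeys []string
+IsRunning bool
+}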
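Review bot: The import block pulls in `github.com/gitpod-io/gitpod/ws-manager/api` twice, once as `api` and once as `wsapi`, and `WorkspaceInfo` then uses both names (`Ports []*api.PortSpec`, `Auth *wsapi.WorkspaceAuthentication`); keep a single import and use it for both fields. Now that the struct is exported from a shared package, the fields that look relevant to access decisions (`Auth`, `OwnerUserId`, `SSHPublicKeys`, `IsRunning`) carry no comments; each deserves one line stating where the value comes from and which component relies on it. The comment on `WorkspaceInfoProvider.WorkspaceInfo` should also say whether nil is returned for an unknown workspace ID, since the pointer return suggests callers have to handle that case.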
7 changes: 4 additions & 3 deletions components/ws-proxy/pkg/proxy/auth.go
@@ -14,10 +14,11 @@ import (
"github.com/gorilla/mux"

"github.com/gitpod-io/gitpod/ws-manager/api"
"github.com/gitpod-io/gitpod/ws-proxy/pkg/common"
)

// WorkspaceAuthHandler rejects requests which are not authenticated or authorized to access a workspace.
func WorkspaceAuthHandler(domain string, info WorkspaceInfoProvider) mux.MiddlewareFunc {
func WorkspaceAuthHandler(domain string, info common.WorkspaceInfoProvider) mux.MiddlewareFunc {
return func(h http.Handler) http.Handler {
cookiePrefix := domain
for _, c := range []string{" ", "-", "."} {
@@ -29,8 +30,8 @@ func WorkspaceAuthHandler(domain string, info WorkspaceInfoProvider) mux.Middlew
var (
log = getLog(req.Context())
vars = mux.Vars(req)
wsID = vars[workspaceIDIdentifier]
port = vars[workspacePortIdentifier]
wsID = vars[common.WorkspaceIDIdentifier]
port = vars[common.WorkspacePortIdentifier]
)
if wsID == "" {
log.Warn("workspace request without workspace ID")