Merge pull request #1361 from openziti/edge-terminator-p2

Second pass at edge terminator fixes
openziti · Sep 30, 2023 · c901a98 · c901a98
2 parents 22f366e + 267215a
commit c901a98
Show file tree

Hide file tree

Showing 12 changed files with 240 additions and 445 deletions.
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -33,7 +33,7 @@ jobs:
           # working-directory: somedir
 
           # Optional: golangci-lint command line arguments.
-          args: --build-tags apitests
+          # args: --build-tags apitests
 
           # Optional: show only new issues if it's a pull request. The default value is `false`.
           # only-new-issues: true

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -127,12 +127,6 @@ jobs:
           CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./...
           CC=aarch64-linux-gnu-gcc   $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm64 -output=$GOX_OUTPUT ./...
 
-      - name: Run Go Quickstart Test
-        timeout-minutes: 5
-        shell: bash
-        run: |
-          go test -v -tags "quickstart automated" ./ziti/cmd/edge/...;
-
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
         with:
@@ -164,7 +158,7 @@ jobs:
           go test -v -tags "quickstart automated" ./ziti/cmd/edge/...;
 
       - name: Run Unit and Integration Tests
-        timeout-minutes: 5
+        timeout-minutes: 10
         shell: bash
         run: |
           go test ./... --tags apitests

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,4 +1,6 @@
 run:
+  build-tags:
+    - apitests
   deadline: 8m
   skip-files:
     - ziti/cmd/edge/verify_ca.go

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 ## What's New
 
+* `ziti edge quickstart`
+* Edge SDK terminator improvements
+
+## `ziti edge quickstart`
+
 * `ziti edge quickstart`](https://github.com/openziti/ziti/issues/1298). You can now
   download the `ziti` CLI and have a functioning network with just one command. The
   network it creates is ephemeral and is intended to be torn down when the process exits.
@@ -33,10 +38,46 @@
     --password someOtherPassword
   ```
 
-* Bugfixes
+## Edge SDK Terminator Improvements
+
+There was a race condition in edge sdk terminator handling, where if sdk noticed a broken connection before the router did,
+it would reconnect and rebind while the router still though it had the old connection and old binding. Because we were 
+using the session token to key terminator state in the router, the new terminator information would overwrite the old 
+terminator information in the router. However, in the controller, the information wouldn't get overridden, since we use a
+UUID to key things in the controller. When the router noticed the old connection was gone it would try to clean things
+up, but since the state had been overwritten, it couldn't and the controller would be left with an orphaned terminator.
+
+The router now uses a UUID as well so there shouldn't be any more orphaned terminators. 
 
 ## Component Updates and Bug Fixes
 
+* github.com/openziti/channel/v2: [v2.0.95 -> v2.0.99](https://github.com/openziti/channel/compare/v2.0.95...v2.0.99)
+* github.com/openziti/edge-api: [v0.25.33 -> v0.25.37](https://github.com/openziti/edge-api/compare/v0.25.33...v0.25.37)
+    * [Issue #44](https://github.com/openziti/edge-api/issues/44) - create session can return 404 if service id is invalid
+
+* github.com/openziti/fabric: [v0.24.23 -> v0.24.36](https://github.com/openziti/fabric/compare/v0.24.23...v0.24.36)
+    * [Issue #799](https://github.com/openziti/fabric/issues/799) - Alll controllers to advertise capabilities to routers/other controllers
+    * [Issue #796](https://github.com/openziti/fabric/issues/796) - Make link heartbeats configurable, including an unresponive close timeout
+    * [Issue #794](https://github.com/openziti/fabric/issues/794) - Add output file to ziti agent controller snapshot-db command
+    * [Issue #792](https://github.com/openziti/fabric/issues/792) - include raft index in DB snapshot filename
+    * [Issue #791](https://github.com/openziti/fabric/issues/791) - FieldError Reason field not parsed correct when transmitted from cluster node to cluster node
+    * [Issue #789](https://github.com/openziti/fabric/issues/789) - Retransmitting prevents circuit from being idle checked
+
+* github.com/openziti/foundation/v2: [v2.0.30 -> v2.0.32](https://github.com/openziti/foundation/compare/v2.0.30...v2.0.32)
+* github.com/openziti/identity: [v1.0.61 -> v1.0.63](https://github.com/openziti/identity/compare/v1.0.61...v1.0.63)
+* github.com/openziti/metrics: [v1.2.33 -> v1.2.35](https://github.com/openziti/metrics/compare/v1.2.33...v1.2.35)
+* github.com/openziti/runzmd: [v1.0.30 -> v1.0.32](https://github.com/openziti/runzmd/compare/v1.0.30...v1.0.32)
+* github.com/openziti/sdk-golang: [v0.20.101 -> v0.20.116](https://github.com/openziti/sdk-golang/compare/v0.20.101...v0.20.116)
+    * [Issue #431](https://github.com/openziti/sdk-golang/issues/431) - sdk can panic when re-authenticating and rebinding at the same time
+    * [Issue #238](https://github.com/openziti/sdk-golang/issues/238) - service binding needs to restart if service is recreated
+    * [Issue #115](https://github.com/openziti/sdk-golang/issues/115) - Don't use hostname for CN in CSR
+    * [Issue #429](https://github.com/openziti/sdk-golang/issues/429) - error handling is broken, so we don't properly retry 
+
+* github.com/openziti/secretstream: [v0.1.11 -> v0.1.12](https://github.com/openziti/secretstream/compare/v0.1.11...v0.1.12)
+* github.com/openziti/storage: [v0.2.14 -> v0.2.18](https://github.com/openziti/storage/compare/v0.2.14...v0.2.18)
+    * [Issue #31](https://github.com/openziti/storage/issues/31) - Fix ANTLR int overflow error on arm 32
+
+* github.com/openziti/transport/v2: [v2.0.103 -> v2.0.107](https://github.com/openziti/transport/compare/v2.0.103...v2.0.107)
 * github.com/openziti/ziti: [v0.30.3 -> v0.30.4](https://github.com/openziti/ziti/compare/v0.30.3...v0.30.4)
   * Fixed an issue causing router configs to be rewritten when docker compose was brought up with existing configs
 

diff --git a/controller/handler_edge_ctrl/remove_terminator.go b/controller/handler_edge_ctrl/remove_terminator.go
@@ -22,7 +22,6 @@ import (
 	"github.com/openziti/ziti/common"
 	"github.com/openziti/ziti/common/pb/edge_ctrl_pb"
 	"github.com/openziti/ziti/controller/env"
-	"github.com/openziti/ziti/controller/persistence"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/protobuf/proto"
 )
@@ -84,26 +83,11 @@ func (self *removeTerminatorHandler) RemoveTerminator(ctx *RemoveTerminatorReque
 		return
 	}
 
-	ctx.loadSession(ctx.req.SessionToken)
-	if ctx.err != nil {
-		// if the session is invalid, we still want to delete the terminator if the session is gone, but
-		// the terminator matches the sessions
-		if terminator.Address == "hosted:"+ctx.req.SessionToken {
-			ctx.err = nil
-		} else {
-			self.returnError(ctx, ctx.err)
-			return
-		}
-	} else {
-		ctx.checkSessionType(persistence.SessionTypeBind)
-		ctx.checkSessionFingerprints(ctx.req.Fingerprints)
-	}
-
-	if ctx.err != nil {
-		self.returnError(ctx, ctx.err)
-		return
-	}
-
+	// SDKs can't request terminator deletes directly, they can only do so through the router.
+	// The router will only ask to delete terminators that belong to the SDK, so we shouldn't need
+	// to check the session again here. The session may already be deleted, and if it is, we don't
+	// currently have a way to verify that it's associated. Also, with idempotent terminators, a
+	// terminator may belong to a series of sessions.
 	err := self.getNetwork().Terminators.Delete(ctx.req.TerminatorId, ctx.newChangeContext())
 	if err != nil {
 		self.returnError(ctx, internalError(err))

diff --git a/go.mod b/go.mod
@@ -9,12 +9,11 @@ require (
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/cenkalti/backoff/v4 v4.2.1
-	github.com/coreos/go-iptables v0.6.0
+	github.com/coreos/go-iptables v0.7.0
 	github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3
-	github.com/dineshappavoo/basex v0.0.0-20170425072625-481a6f6dc663
 	github.com/fatih/color v1.15.0
 	github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa
-	github.com/go-acme/lego/v4 v4.2.0
+	github.com/go-acme/lego/v4 v4.14.2
 	github.com/go-openapi/errors v0.20.4
 	github.com/go-openapi/loads v0.21.2
 	github.com/go-openapi/runtime v0.26.0
@@ -27,7 +26,7 @@ require (
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/hashicorp/golang-lru/v2 v2.0.6
-	github.com/jedib0t/go-pretty/v6 v6.4.0
+	github.com/jedib0t/go-pretty/v6 v6.4.7
 	github.com/jinzhu/copier v0.4.0
 	github.com/kataras/go-events v0.0.3
 	github.com/lucsky/cuid v1.2.1
@@ -37,14 +36,14 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/openziti/agent v1.0.15
 	github.com/openziti/channel/v2 v2.0.99
-	github.com/openziti/edge-api v0.25.36
+	github.com/openziti/edge-api v0.25.37
 	github.com/openziti/fabric v0.24.36
 	github.com/openziti/foundation/v2 v2.0.32
 	github.com/openziti/identity v1.0.63
 	github.com/openziti/jwks v1.0.3
 	github.com/openziti/metrics v1.2.35
-	github.com/openziti/runzmd v1.0.31
-	github.com/openziti/sdk-golang v0.20.112
+	github.com/openziti/runzmd v1.0.32
+	github.com/openziti/sdk-golang v0.20.116
 	github.com/openziti/secretstream v0.1.12
 	github.com/openziti/storage v0.2.18
 	github.com/openziti/transport/v2 v2.0.107
@@ -54,13 +53,13 @@ require (
 	github.com/orcaman/concurrent-map/v2 v2.0.1
 	github.com/pkg/errors v0.9.1
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
-	github.com/russross/blackfriday v1.5.2
+	github.com/russross/blackfriday v1.6.0
 	github.com/shirou/gopsutil/v3 v3.23.8
 	github.com/sirupsen/logrus v1.9.3
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.10.0
+	github.com/spf13/viper v1.16.0
 	github.com/stretchr/testify v1.8.4
 	github.com/teris-io/shortid v0.0.0-20201117134242-e59966efd125
 	github.com/xeipuuv/gojsonschema v1.2.0
@@ -93,6 +92,7 @@ require (
 	github.com/c-bata/go-prompt v0.2.6 // indirect
 	github.com/creack/pty v1.1.11 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dineshappavoo/basex v0.0.0-20170425072625-481a6f6dc663 // indirect
 	github.com/disintegration/imaging v1.6.2 // indirect
 	github.com/dlclark/regexp2 v1.10.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -101,6 +101,7 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/felixge/httpsnoop v1.0.1 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
@@ -111,7 +112,7 @@ require (
 	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/gomarkdown/markdown v0.0.0-20230916125811-7478c230c7cd // indirect
+	github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/schema v1.2.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
@@ -132,7 +133,7 @@ require (
 	github.com/kyokomi/emoji/v2 v2.2.12 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20230326075908-cb1d2100619a // indirect
-	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
@@ -148,7 +149,7 @@ require (
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/openziti/dilithium v0.3.3 // indirect
 	github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect
-	github.com/pelletier/go-toml v1.9.4 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/pkg/term v1.2.0-beta.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b // indirect
@@ -158,10 +159,10 @@ require (
 	github.com/rs/cors v1.9.0 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/speps/go-hashids v2.0.0+incompatible // indirect
-	github.com/spf13/afero v1.6.0 // indirect
-	github.com/spf13/cast v1.4.1 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
 	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
@@ -171,16 +172,16 @@ require (
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
-	go.opentelemetry.io/otel v1.18.0 // indirect
-	go.opentelemetry.io/otel/metric v1.18.0 // indirect
-	go.opentelemetry.io/otel/trace v1.18.0 // indirect
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/image v0.12.0 // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/oauth2 v0.10.0 // indirect
 	golang.org/x/term v0.12.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	nhooyr.io/websocket v1.8.7 // indirect
 )