
Commit 48bb452

authored
fix: fix tailnet resume using incorrect DB reference (#15522)
- We were instantiating a cryptokey cache with a vanilla reference to the database instead of one wrapped by dbcrypt.
- Fixes an issue where failing to instantiate unrelated keycaches does not fatally error out.
1 parent 4fedc7c commit 48bb452


2 files changed

+23
-23
lines changed


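--- a/cli/server.go
+++ b/cli/server.go
@@ -61,7 +61,6 @@ import (
 "github.com/coder/serpent"
 "github.com/coder/wgtunnel/tunnelsdk"
 
-"github.com/coder/coder/v2/coderd/cryptokeys"
 "github.com/coder/coder/v2/coderd/entitlements"
 "github.com/coder/coder/v2/coderd/notifications/reports"
 "github.com/coder/coder/v2/coderd/runtimeconfig"
@@ -754,25 +753,6 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 return xerrors.Errorf("set deployment id: %w", err)
 }
 
-fetcher := &cryptokeys.DBFetcher{
-DB: options.Database,
-}
-
-resumeKeycache, err := cryptokeys.NewSigningCache(ctx,
-logger,
-fetcher,
-codersdk.CryptoKeyFeatureTailnetResume,
-)
-if err != nil {
-logger.Critical(ctx, "failed to properly instantiate tailnet resume signing cache", slog.Error(err))
-}
-
-options.CoordinatorResumeTokenProvider = tailnet.NewResumeTokenKeyProvider(
-resumeKeycache,
-quartz.NewReal(),
-tailnet.DefaultResumeTokenExpiry,
-)
-
 options.RuntimeConfig = runtimeconfig.NewManager()
 
 // This should be output before the logs start streaming.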

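--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -467,7 +467,7 @@ func New(options *Options) *API {
 codersdk.CryptoKeyFeatureOIDCConvert,
 )
 if err != nil {
-options.Logger.Critical(ctx, "failed to properly instantiate oidc convert signing cache", slog.Error(err))
+options.Logger.Fatal(ctx, "failed to properly instantiate oidc convert signing cache", slog.Error(err))
 }
 }
 
@@ -478,7 +478,7 @@ func New(options *Options) *API {
 codersdk.CryptoKeyFeatureWorkspaceAppsToken,
 )
 if err != nil {
-options.Logger.Critical(ctx, "failed to properly instantiate app signing key cache", slog.Error(err))
+options.Logger.Fatal(ctx, "failed to properly instantiate app signing key cache", slog.Error(err))
 }
 }
 
@@ -489,10 +489,30 @@ func New(options *Options) *API {
 codersdk.CryptoKeyFeatureWorkspaceAppsAPIKey,
 )
 if err != nil {
-options.Logger.Critical(ctx, "failed to properly instantiate app encryption key cache", slog.Error(err))
+options.Logger.Fatal(ctx, "failed to properly instantiate app encryption key cache", slog.Error(err))
 }
 }
 
+if options.CoordinatorResumeTokenProvider == nil {
+fetcher := &cryptokeys.DBFetcher{
+DB: options.Database,
+}
+
+resumeKeycache, err := cryptokeys.NewSigningCache(ctx,
+options.Logger,
+fetcher,
+codersdk.CryptoKeyFeatureTailnetResume,
+)
+if err != nil {
+options.Logger.Fatal(ctx, "failed to properly instantiate tailnet resume signing cache", slog.Error(err))
+}
+options.CoordinatorResumeTokenProvider = tailnet.NewResumeTokenKeyProvider(
+resumeKeycache,
+options.Clock,
+tailnet.DefaultResumeTokenExpiry,
+)
+}
+
 updatesProvider := NewUpdatesProvider(options.Logger.Named("workspace_updates"), options.Pubsub, options.Database, options.Authorizer)
 
 // Start a background process that rotates keys. We intentionally start this after the caches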
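Review bot: The block added under `if options.CoordinatorResumeTokenProvider == nil` relies on `options.Database` already being the dbcrypt-wrapped store when `New` runs, but nothing in the section states that, and that same unstated assumption is what the commit message says went wrong in cli/server.go. A comment above the block would keep it from being hoisted back into the CLI, for example `// Build the resume keycache here, not in the CLI: options.Database must be the dbcrypt-wrapped store by this point.` The nil guard also means a caller that pre-populates the provider skips this path and has to use the wrapped reference itself; neither changed file is a test, so a test that pins which store backs the tailnet resume keycache would guard the fix. `New` begins and ends outside the visible hunks, so whether `options.Clock` is always non-nil at new line 511 cannot be confirmed from here.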
