[management] Send relay credentials with turn updates (#3164)

send relay credentials when sending turn credentials update to avoid removing servers
from clients

management/server/token_mgr.go

@@ -158,7 +158,7 @@ func (m *TimeBasedAuthSecretsManager) refreshTURNTokens(ctx context.Context, pee
 			log.WithContext(ctx).Debugf("stopping TURN refresh for %s", peerID)
 			return
 		case <-ticker.C:
-			m.pushNewTURNTokens(ctx, peerID)
+			m.pushNewTURNAndRelayTokens(ctx, peerID)
 		}
 	}
 }
@@ -178,7 +178,7 @@ func (m *TimeBasedAuthSecretsManager) refreshRelayTokens(ctx context.Context, pe
 	}
 }
 
-func (m *TimeBasedAuthSecretsManager) pushNewTURNTokens(ctx context.Context, peerID string) {
+func (m *TimeBasedAuthSecretsManager) pushNewTURNAndRelayTokens(ctx context.Context, peerID string) {
 	turnToken, err := m.turnHmacToken.GenerateToken(sha1.New)
 	if err != nil {
 		log.Errorf("failed to generate token for peer '%s': %s", peerID, err)
@@ -201,10 +201,21 @@ func (m *TimeBasedAuthSecretsManager) pushNewTURNTokens(ctx context.Context, pee
 	update := &proto.SyncResponse{
 		WiretrusteeConfig: &proto.WiretrusteeConfig{
 			Turns: turns,
-			// omit Relay to avoid updates there
 		},
 	}
 
+	// workaround for the case when client is unable to handle turn and relay updates at different time
+	if m.relayCfg != nil {
+		token, err := m.GenerateRelayToken()
+		if err == nil {
+			update.WiretrusteeConfig.Relay = &proto.RelayConfig{
+				Urls:           m.relayCfg.Addresses,
+				TokenPayload:   token.Payload,
+				TokenSignature: token.Signature,
+			}
+		}
+	}
+
 	log.WithContext(ctx).Debugf("sending new TURN credentials to peer %s", peerID)
 	m.updateManager.SendUpdate(ctx, peerID, &UpdateMessage{Update: update})
 }