mirror of
https://github.com/netbirdio/netbird.git
synced 2026-07-16 19:49:56 +00:00
* [agent-network] Shared proto, OpenAPI schema, and generated types * [agent-network] Management: store, manager, synthesizer, policy engine, provider catalog, HTTP/gRPC API Adds the account-scoped agent-network module: provider/policy/budget CRUD and store, the reverse-proxy service synthesizer, policy selection + limit enforcement, the provider catalog (incl. Vertex AI and AWS Bedrock entries), and the management HTTP + proxy gRPC surfaces. * [management] Fix agent-network proxy-peer fan-out on affected-peer recompute The affected-peers resolver loaded only persisted reverse-proxy services, but agent-network services are synthesized on demand and never persisted. As a result the embedded proxy peer was never folded into the affected set when a client's group changed, so the proxy received no network-map update for a newly authorised client and rejected its handshake until a full resync (restart). loadProxyServices now merges the synthesized agent-network services (injected via a registration hook to avoid an import cycle), so proxy peers learn newly authorised clients immediately. * [proxy] Reverse-proxy middleware framework, chain, and request plumbing The per-target middleware chain (slots, dispatcher, mutation gate, metadata merger), body capture, access-log terminal sink, and the proxy wiring that builds + runs chains for synthesized agent-network services. * [proxy] LLM parsers, pricing, and builtin middlewares (OpenAI, Anthropic, Vertex AI, AWS Bedrock) Request/response parsers and SSE/event-stream metering, the embedded pricing table, and the builtin middleware set: request parser, router, policy limit-check/record, cost meter, guardrail, identity inject, response parser. Includes the path-routed providers — Google Vertex AI (keyfile:: service-account OAuth minting) and AWS Bedrock (bearer auth, invoke/converse/streaming, optional /bedrock prefix) — plus the Models allowlist and unmeterable-publisher deny. * [proxy] IPv6 in-place apply and TCP accept-loop hardening on netstack listeners * [agent-network] End-to-end test suite, module docs, and deployment preset * [agent-network] Fix codespell typos and exclude false positives - labelgen word pool: vermillion -> vermilion, racoon -> raccoon. - codespell ignore list: add flate (Go compress/flate package), recordin (a test-local identifier), and unparseable (a valid alternative spelling used consistently across identifiers + a metadata-value constant). * [management] Set LastSeen on injected proxy peer in realstack test (MySQL strict-mode) The injected embedded proxy peer had a PeerStatus with a zero LastSeen, which serializes to '0000-00-00' and is rejected by MySQL in strict mode (SQLite tolerates it). Set LastSeen to a valid time so SaveAccount succeeds on both engines. * [agent-network] Remove e2e shell-script suite from this branch The end-to-end shell scripts under scripts/e2e/ are maintained in a separate testing suite and are not part of this change set. * [agent-network] Polish module docs: remove internal review scaffolding, fix links, verify diagrams Strip PR-review framing, commit references, absolute paths, and stale internal references from the agent-network module docs; fix broken relative links; verify all diagrams against the current architecture. Remove the internal AI-reviewer prompt file. * [management] Refine session expiration handling to support 3-state encoding for SSO deadlines * [agent-network] Relocate agentnetwork package to internals/modules Move management/server/agentnetwork (and its catalog/, labelgen/, types/ subpackages) to management/internals/modules/agentnetwork, alongside the reverse-proxy module, and rewrite all importers. Pure relocation: package names, the synthesizer + affectedpeers registration hook, and store access (shared store.Store) are unchanged, so no import cycle is introduced (affectedpeers still depends only on the agentnetwork/types leaf). * [agent-network] Co-locate HTTP handlers in the module (RegisterEndpoints) Move the agent-network HTTP handlers from server/http/handlers/agentnetwork into the module at internals/modules/agentnetwork/handlers (package handlers) and rename the entrypoint AddEndpoints -> RegisterEndpoints, matching the reverse-proxy module convention. Wiring in http/handler.go updated accordingly.
143 lines
4.9 KiB
Go
143 lines
4.9 KiB
Go
package tcp
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// TestIsClosedListenerErr_NetErrClosed verifies the stdlib path: a
|
|
// closed *net.Listener returns net.ErrClosed wrapped in *net.OpError,
|
|
// and IsClosedListenerErr must unwrap it.
|
|
func TestIsClosedListenerErr_NetErrClosed(t *testing.T) {
|
|
wrapped := &net.OpError{Op: "accept", Net: "tcp", Err: net.ErrClosed}
|
|
assert.True(t, IsClosedListenerErr(wrapped),
|
|
"net.OpError wrapping net.ErrClosed must be recognised as closed")
|
|
}
|
|
|
|
// TestIsClosedListenerErr_GVisorInvalidEndpoint is the load-bearing
|
|
// regression guard. A gVisor netstack listener whose endpoint has been
|
|
// destroyed returns this exact text. Without recognising it the accept
|
|
// loop spins forever and burns a CPU core.
|
|
func TestIsClosedListenerErr_GVisorInvalidEndpoint(t *testing.T) {
|
|
err := fmt.Errorf("accept tcp 10.10.1.254:80: endpoint is in invalid state")
|
|
assert.True(t, IsClosedListenerErr(err),
|
|
"gVisor 'endpoint is in invalid state' must be recognised as closed")
|
|
}
|
|
|
|
// TestIsClosedListenerErr_OtherError confirms we don't over-match —
|
|
// transient errors must keep returning false so the backoff path runs.
|
|
func TestIsClosedListenerErr_OtherError(t *testing.T) {
|
|
cases := []error{
|
|
errors.New("temporary failure"),
|
|
errors.New("accept tcp 10.10.1.254:80: too many open files"),
|
|
nil,
|
|
}
|
|
for _, c := range cases {
|
|
assert.False(t, IsClosedListenerErr(c),
|
|
"unexpected match on %v — must not be treated as closed", c)
|
|
}
|
|
}
|
|
|
|
// TestAcceptBackoff_ProgressionAndCap asserts the doubling schedule:
|
|
// 5ms, 10ms, 20ms, 40ms, ... capped at 1s. The test runs against a
|
|
// real timer but uses tight bounds so a slow CI machine still passes.
|
|
func TestAcceptBackoff_ProgressionAndCap(t *testing.T) {
|
|
var b AcceptBackoff
|
|
expected := []time.Duration{
|
|
5 * time.Millisecond,
|
|
10 * time.Millisecond,
|
|
20 * time.Millisecond,
|
|
40 * time.Millisecond,
|
|
}
|
|
for i, want := range expected {
|
|
start := time.Now()
|
|
ok := b.Backoff(context.Background())
|
|
elapsed := time.Since(start)
|
|
require.True(t, ok, "Backoff %d must complete; ctx is alive", i)
|
|
assert.GreaterOrEqual(t, elapsed, want,
|
|
"backoff %d (%v) must wait at least the configured delay", i, want)
|
|
assert.Less(t, elapsed, want*4,
|
|
"backoff %d (%v) must not overshoot by more than 4x — caps misbehaving", i, want)
|
|
}
|
|
|
|
// Burn enough rounds to reach the cap, then assert subsequent
|
|
// rounds stay at exactly maxAcceptDelay (1s) — the timer should
|
|
// never exceed it.
|
|
for range 6 {
|
|
b.Backoff(context.Background())
|
|
}
|
|
assert.Equal(t, maxAcceptDelay, b.delay,
|
|
"after enough doublings the delay must clamp to maxAcceptDelay")
|
|
}
|
|
|
|
// TestAcceptBackoff_Reset confirms that a successful Accept resets the
|
|
// schedule — a busy-then-quiet listener mustn't stay on a 1s timer
|
|
// after recovery.
|
|
func TestAcceptBackoff_Reset(t *testing.T) {
|
|
var b AcceptBackoff
|
|
for range 5 {
|
|
b.Backoff(context.Background())
|
|
}
|
|
require.NotEqual(t, time.Duration(0), b.delay, "precondition: delay must have accumulated")
|
|
|
|
b.Reset()
|
|
assert.Equal(t, time.Duration(0), b.delay, "Reset must zero the delay")
|
|
|
|
start := time.Now()
|
|
ok := b.Backoff(context.Background())
|
|
elapsed := time.Since(start)
|
|
require.True(t, ok, "Backoff after Reset must complete")
|
|
assert.GreaterOrEqual(t, elapsed, minAcceptDelay,
|
|
"after Reset the next backoff must restart at minAcceptDelay")
|
|
assert.Less(t, elapsed, 50*time.Millisecond,
|
|
"after Reset the next backoff must NOT carry over the prior delay")
|
|
}
|
|
|
|
// TestAcceptBackoff_CancelDuringWait proves the loop exits promptly
|
|
// when ctx fires mid-wait. Without this, a tear-down would still take
|
|
// up to 1 second per orphaned listener.
|
|
func TestAcceptBackoff_CancelDuringWait(t *testing.T) {
|
|
var b AcceptBackoff
|
|
// Drive the backoff up so the next call will wait ~1s — long
|
|
// enough that we can detect early cancellation.
|
|
for range 10 {
|
|
b.Backoff(context.Background())
|
|
}
|
|
require.Equal(t, maxAcceptDelay, b.delay)
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
go func() {
|
|
time.Sleep(20 * time.Millisecond)
|
|
cancel()
|
|
}()
|
|
|
|
start := time.Now()
|
|
ok := b.Backoff(ctx)
|
|
elapsed := time.Since(start)
|
|
assert.False(t, ok, "Backoff must return false when ctx is cancelled mid-wait")
|
|
assert.Less(t, elapsed, 200*time.Millisecond,
|
|
"cancellation must short-circuit the timer; took %v", elapsed)
|
|
}
|
|
|
|
// TestAcceptBackoff_CancelBeforeCall — when ctx is already done the
|
|
// loop exits without sleeping at all.
|
|
func TestAcceptBackoff_CancelBeforeCall(t *testing.T) {
|
|
var b AcceptBackoff
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
cancel()
|
|
|
|
start := time.Now()
|
|
ok := b.Backoff(ctx)
|
|
elapsed := time.Since(start)
|
|
assert.False(t, ok, "Backoff must return false when ctx is already cancelled")
|
|
assert.Less(t, elapsed, 50*time.Millisecond,
|
|
"already-cancelled ctx must return immediately; took %v", elapsed)
|
|
}
|