TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-01-05 14:57:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/store: add common package for instantiating ipn.StateStores

Browse Source 
Also move KubeStore and MemStore into their own package.

RELNOTE: tsnet now supports providing a custom ipn.StateStore.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
Maisem Ali 2022-02-28 13:08:45 -08:00 committed by Maisem Ali
parent d9a7205be5
commit 497324ddf6
27 changed files with 644 additions and 456 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/tailscale/depaware.txt
View File

@ -42,7 +42,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
tailscale.com/hostinfo from tailscale.com/net/interfaces+
tailscale.com/ipn from tailscale.com/cmd/tailscale/cli+
tailscale.com/ipn/ipnstate from tailscale.com/cmd/tailscale/cli+
tailscale.com/kube from tailscale.com/ipn
💣 tailscale.com/metrics from tailscale.com/derp
tailscale.com/net/dnscache from tailscale.com/derp/derphttp
tailscale.com/net/flowtrack from tailscale.com/wgengine/filter+

27
cmd/tailscaled/depaware.txt
View File

@ -6,7 +6,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
LD github.com/anmitsu/go-shlex from github.com/gliderlabs/ssh
L github.com/aws/aws-sdk-go-v2 from github.com/aws/aws-sdk-go-v2/internal/ini
L github.com/aws/aws-sdk-go-v2/aws from github.com/aws/aws-sdk-go-v2/aws/middleware+
L github.com/aws/aws-sdk-go-v2/aws/arn from tailscale.com/ipn/store/aws
L github.com/aws/aws-sdk-go-v2/aws/arn from tailscale.com/ipn/store/awsstore
L github.com/aws/aws-sdk-go-v2/aws/middleware from github.com/aws/aws-sdk-go-v2/aws/retry+
L github.com/aws/aws-sdk-go-v2/aws/protocol/query from github.com/aws/aws-sdk-go-v2/service/sts
L github.com/aws/aws-sdk-go-v2/aws/protocol/restjson from github.com/aws/aws-sdk-go-v2/service/ssm+
@ -16,7 +16,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
L github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4 from github.com/aws/aws-sdk-go-v2/aws/signer/v4
L github.com/aws/aws-sdk-go-v2/aws/signer/v4 from github.com/aws/aws-sdk-go-v2/service/internal/presigned-url+
L github.com/aws/aws-sdk-go-v2/aws/transport/http from github.com/aws/aws-sdk-go-v2/config+
L github.com/aws/aws-sdk-go-v2/config from tailscale.com/ipn/store/aws
L github.com/aws/aws-sdk-go-v2/config from tailscale.com/ipn/store/awsstore
L github.com/aws/aws-sdk-go-v2/credentials from github.com/aws/aws-sdk-go-v2/config
L github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds from github.com/aws/aws-sdk-go-v2/config
L github.com/aws/aws-sdk-go-v2/credentials/endpointcreds from github.com/aws/aws-sdk-go-v2/config
@ -36,7 +36,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
L github.com/aws/aws-sdk-go-v2/internal/sync/singleflight from github.com/aws/aws-sdk-go-v2/aws
L github.com/aws/aws-sdk-go-v2/internal/timeconv from github.com/aws/aws-sdk-go-v2/aws/retry
L github.com/aws/aws-sdk-go-v2/service/internal/presigned-url from github.com/aws/aws-sdk-go-v2/service/sts
L github.com/aws/aws-sdk-go-v2/service/ssm from tailscale.com/ipn/store/aws
L github.com/aws/aws-sdk-go-v2/service/ssm from tailscale.com/ipn/store/awsstore
L github.com/aws/aws-sdk-go-v2/service/ssm/internal/endpoints from github.com/aws/aws-sdk-go-v2/service/ssm
L github.com/aws/aws-sdk-go-v2/service/ssm/types from github.com/aws/aws-sdk-go-v2/service/ssm+
L github.com/aws/aws-sdk-go-v2/service/sso from github.com/aws/aws-sdk-go-v2/config+
@ -185,8 +185,11 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/ipn/ipnstate from tailscale.com/client/tailscale+
tailscale.com/ipn/localapi from tailscale.com/ipn/ipnserver
tailscale.com/ipn/policy from tailscale.com/ipn/ipnlocal
tailscale.com/ipn/store/aws from tailscale.com/ipn/ipnserver
tailscale.com/kube from tailscale.com/ipn
tailscale.com/ipn/store from tailscale.com/cmd/tailscaled
L tailscale.com/ipn/store/awsstore from tailscale.com/ipn/store
L tailscale.com/ipn/store/kubestore from tailscale.com/ipn/store
tailscale.com/ipn/store/mem from tailscale.com/ipn/store+
L tailscale.com/kube from tailscale.com/ipn/store/kubestore
tailscale.com/log/filelogger from tailscale.com/logpolicy
tailscale.com/log/logheap from tailscale.com/control/controlclient
tailscale.com/logpolicy from tailscale.com/cmd/tailscaled+
@ -337,7 +340,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
crypto/sha256 from crypto/tls+
crypto/sha512 from crypto/ecdsa+
crypto/subtle from crypto/aes+
crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
crypto/tls from github.com/tcnksm/go-httpstat+
crypto/x509 from crypto/tls+
crypto/x509/pkix from crypto/x509+
embed from tailscale.com/net/dns+
@ -348,7 +351,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
encoding/hex from crypto/x509+
encoding/json from expvar+
encoding/pem from crypto/tls+
encoding/xml from github.com/aws/aws-sdk-go-v2/aws/protocol/xml+
encoding/xml from github.com/tailscale/goupnp+
errors from bufio+
expvar from tailscale.com/derp+
flag from tailscale.com/cmd/tailscaled+
@ -372,19 +375,19 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
net from crypto/tls+
net/http from expvar+
net/http/httptrace from github.com/tcnksm/go-httpstat+
net/http/httputil from github.com/aws/smithy-go/transport/http+
net/http/httputil from tailscale.com/cmd/tailscaled+
net/http/internal from net/http+
net/http/pprof from tailscale.com/cmd/tailscaled+
net/textproto from github.com/aws/aws-sdk-go-v2/aws/signer/v4+
net/textproto from golang.org/x/net/http/httpguts+
net/url from crypto/x509+
os from crypto/rand+
os/exec from github.com/aws/aws-sdk-go-v2/credentials/processcreds+
os/exec from github.com/coreos/go-iptables/iptables+
os/signal from tailscale.com/cmd/tailscaled+
os/user from github.com/godbus/dbus/v5+
path from github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds+
path from github.com/gliderlabs/ssh+
path/filepath from crypto/x509+
reflect from crypto/x509+
regexp from github.com/aws/aws-sdk-go-v2/internal/endpoints/v2+
regexp from github.com/coreos/go-iptables/iptables+
regexp/syntax from regexp
runtime/debug from github.com/klauspost/compress/zstd+
runtime/pprof from net/http/pprof+

5
cmd/tailscaled/tailscaled.go
View File

@ -33,6 +33,7 @@
"tailscale.com/envknob"
"tailscale.com/ipn"
"tailscale.com/ipn/ipnserver"
"tailscale.com/ipn/store"
"tailscale.com/logpolicy"
"tailscale.com/logtail"
"tailscale.com/net/dns"
@ -394,9 +395,9 @@ func run() error {
opts := ipnServerOpts()
store, err := ipnserver.StateStore(statePathOrDefault(), logf)
store, err := store.New(logf, statePathOrDefault())
if err != nil {
return fmt.Errorf("ipnserver.StateStore: %w", err)
return fmt.Errorf("store.New: %w", err)
}
srv, err := ipnserver.New(logf, pol.PublicID.String(), store, e, dialer, nil, opts)
if err != nil {

4
cmd/tailscaled/tailscaled_windows.go
View File

@ -31,6 +31,7 @@
"inet.af/netaddr"
"tailscale.com/envknob"
"tailscale.com/ipn/ipnserver"
"tailscale.com/ipn/store"
"tailscale.com/logpolicy"
"tailscale.com/net/dns"
"tailscale.com/net/tsdial"
@ -335,8 +336,7 @@ type engineOrError struct {
return nil, fmt.Errorf("%w\n\nlogid: %v", res.Err, logid)
}
}
store, err := ipnserver.StateStore(statePathOrDefault(), logf)
store, err := store.New(logf, statePathOrDefault())
if err != nil {
return err
}

3
ipn/ipnlocal/local_test.go
View File

@ -14,6 +14,7 @@
"inet.af/netaddr"
"tailscale.com/ipn"
"tailscale.com/ipn/store/mem"
"tailscale.com/net/interfaces"
"tailscale.com/net/tsaddr"
"tailscale.com/tailcfg"
@ -457,7 +458,7 @@ func TestLazyMachineKeyGeneration(t *testing.T) {
panicOnMachineKeyGeneration = true
var logf logger.Logf = logger.Discard
store := new(ipn.MemoryStore)
store := new(mem.Store)
eng, err := wgengine.NewFakeUserspaceEngine(logf, 0)
if err != nil {
t.Fatalf("NewFakeUserspaceEngine: %v", err)

3
ipn/ipnlocal/loglines_test.go
View File

@ -11,6 +11,7 @@
"tailscale.com/ipn"
"tailscale.com/ipn/ipnstate"
"tailscale.com/ipn/store/mem"
"tailscale.com/logtail"
"tailscale.com/tailcfg"
"tailscale.com/tstest"
@ -47,7 +48,7 @@ func TestLocalLogLines(t *testing.T) {
idA := logid(0xaa)
// set up a LocalBackend, super bare bones. No functional data.
store := &ipn.MemoryStore{}
store := new(mem.Store)
e, err := wgengine.NewFakeUserspaceEngine(logf, 0)
if err != nil {
t.Fatal(err)

5
ipn/ipnlocal/state_test.go
View File

@ -14,6 +14,7 @@
"tailscale.com/control/controlclient"
"tailscale.com/ipn"
"tailscale.com/ipn/store/mem"
"tailscale.com/syncs"
"tailscale.com/tailcfg"
"tailscale.com/types/empty"
@ -922,7 +923,7 @@ func TestStateMachine(t *testing.T) {
}
type testStateStorage struct {
mem ipn.MemoryStore
mem mem.Store
written syncs.AtomicBool
}
@ -954,7 +955,7 @@ func TestWGEngineStatusRace(t *testing.T) {
eng, err := wgengine.NewFakeUserspaceEngine(logf, 0)
c.Assert(err, qt.IsNil)
t.Cleanup(eng.Close)
b, err := NewLocalBackend(logf, "logid", new(ipn.MemoryStore), nil, eng, 0)
b, err := NewLocalBackend(logf, "logid", new(mem.Store), nil, eng, 0)
c.Assert(err, qt.IsNil)
cc := newMockControl(t)

71
ipn/ipnserver/server.go
View File

@ -36,12 +36,10 @@
"tailscale.com/ipn"
"tailscale.com/ipn/ipnlocal"
"tailscale.com/ipn/localapi"
"tailscale.com/ipn/store/aws"
"tailscale.com/logtail/backoff"
"tailscale.com/net/netstat"
"tailscale.com/net/netutil"
"tailscale.com/net/tsdial"
"tailscale.com/paths"
"tailscale.com/safesocket"
"tailscale.com/smallzstd"
"tailscale.com/types/logger"
@ -657,75 +655,6 @@ func (s *Server) writeToClients(n ipn.Notify) {
}
}
// tryWindowsAppDataMigration attempts to copy the Windows state file
// from its old location to the new location. (Issue 2856)
//
// Tailscale 1.14 and before stored state under %LocalAppData%
// (usually "C:\WINDOWS\system32\config\systemprofile\AppData\Local"
// when tailscaled.exe is running as a non-user system service).
// However it is frequently cleared for almost any reason: Windows
// updates, System Restore, even various System Cleaner utilities.
//
// Returns a string of the path to use for the state file.
// This will be a fallback %LocalAppData% path if migration fails,
// a %ProgramData% path otherwise.
func tryWindowsAppDataMigration(logf logger.Logf, path string) string {
if path != paths.DefaultTailscaledStateFile() {
// If they're specifying a non-default path, just trust that they know
// what they are doing.
return path
}
oldFile := paths.LegacyStateFilePath()
return paths.TryConfigFileMigration(logf, oldFile, path)
}
// StateStore returns a StateStore from path.
//
// The path should be an absolute path to a file.
//
// Special cases:
//
// * empty string means to use an in-memory store
// * if the string begins with "mem:", the suffix
// is ignored and an in-memory store is used.
// * if the string begins with "kube:", the suffix
// is a Kubernetes secret name
// * if the string begins with "arn:", the value is
// an AWS ARN for an SSM.
func StateStore(path string, logf logger.Logf) (ipn.StateStore, error) {
if path == "" {
return &ipn.MemoryStore{}, nil
}
const memPrefix = "mem:"
const kubePrefix = "kube:"
const arnPrefix = "arn:"
switch {
case strings.HasPrefix(path, memPrefix):
return &ipn.MemoryStore{}, nil
case strings.HasPrefix(path, kubePrefix):
secretName := strings.TrimPrefix(path, kubePrefix)
store, err := ipn.NewKubeStore(secretName)
if err != nil {
return nil, fmt.Errorf("ipn.NewKubeStore(%q): %v", secretName, err)
}
return store, nil
case strings.HasPrefix(path, arnPrefix):
store, err := aws.NewStore(path)
if err != nil {
return nil, fmt.Errorf("aws.NewStore(%q): %v", path, err)
}
return store, nil
}
if runtime.GOOS == "windows" {
path = tryWindowsAppDataMigration(logf, path)
}
store, err := ipn.NewFileStore(path)
if err != nil {
return nil, fmt.Errorf("ipn.NewFileStore(%q): %v", path, err)
}
return store, nil
}
// Run runs a Tailscale backend service.
// The getEngine func is called repeatedly, once per connection, until it returns an engine successfully.
//

3
ipn/ipnserver/server_test.go
View File

@ -13,6 +13,7 @@
"tailscale.com/ipn"
"tailscale.com/ipn/ipnserver"
"tailscale.com/ipn/store/mem"
"tailscale.com/net/tsdial"
"tailscale.com/safesocket"
"tailscale.com/wgengine"
@ -66,7 +67,7 @@ func TestRunMultipleAccepts(t *testing.T) {
opts := ipnserver.Options{}
t.Logf("pre-Run")
store := new(ipn.MemoryStore)
store := new(mem.Store)
ln, _, err := safesocket.Listen(socketPath, 0)
if err != nil {

214
ipn/store.go
View File

@ -5,21 +5,7 @@
package ipn
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"sync"
"time"
"tailscale.com/atomicfile"
"tailscale.com/kube"
"tailscale.com/paths"
)
// ErrStateNotExist is returned by StateStore.ReadState when the
@ -58,203 +44,3 @@ type StateStore interface {
// WriteState saves bs as the state associated with ID.
WriteState(id StateKey, bs []byte) error
}
// KubeStore is a StateStore that uses a Kubernetes Secret for persistence.
type KubeStore struct {
client *kube.Client
secretName string
}
// NewKubeStore returns a new KubeStore that persists to the named secret.
func NewKubeStore(secretName string) (*KubeStore, error) {
c, err := kube.New()
if err != nil {
return nil, err
}
return &KubeStore{
client: c,
secretName: secretName,
}, nil
}
func (s *KubeStore) String() string { return "KubeStore" }
// ReadState implements the StateStore interface.
func (s *KubeStore) ReadState(id StateKey) ([]byte, error) {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
secret, err := s.client.GetSecret(ctx, s.secretName)
if err != nil {
if st, ok := err.(*kube.Status); ok && st.Code == 404 {
return nil, ErrStateNotExist
}
return nil, err
}
b, ok := secret.Data[string(id)]
if !ok {
return nil, ErrStateNotExist
}
return b, nil
}
// WriteState implements the StateStore interface.
func (s *KubeStore) WriteState(id StateKey, bs []byte) error {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
secret, err := s.client.GetSecret(ctx, s.secretName)
if err != nil {
if st, ok := err.(*kube.Status); ok && st.Code == 404 {
return s.client.CreateSecret(ctx, &kube.Secret{
TypeMeta: kube.TypeMeta{
APIVersion: "v1",
Kind: "Secret",
},
ObjectMeta: kube.ObjectMeta{
Name: s.secretName,
},
Data: map[string][]byte{
string(id): bs,
},
})
}
return err
}
secret.Data[string(id)] = bs
if err := s.client.UpdateSecret(ctx, secret); err != nil {
return err
}
return err
}
// MemoryStore is a store that keeps state in memory only.
type MemoryStore struct {
mu sync.Mutex
cache map[StateKey][]byte
}
func (s *MemoryStore) String() string { return "MemoryStore" }
// ReadState implements the StateStore interface.
func (s *MemoryStore) ReadState(id StateKey) ([]byte, error) {
s.mu.Lock()
defer s.mu.Unlock()
bs, ok := s.cache[id]
if !ok {
return nil, ErrStateNotExist
}
return bs, nil
}
// WriteState implements the StateStore interface.
func (s *MemoryStore) WriteState(id StateKey, bs []byte) error {
s.mu.Lock()
defer s.mu.Unlock()
if s.cache == nil {
s.cache = map[StateKey][]byte{}
}
s.cache[id] = append([]byte(nil), bs...)
return nil
}
// LoadFromJSON attempts to unmarshal json content into the
// in-memory cache.
func (s *MemoryStore) LoadFromJSON(data []byte) error {
s.mu.Lock()
defer s.mu.Unlock()
return json.Unmarshal(data, &s.cache)
}
// ExportToJSON exports the content of the cache to
// JSON formatted []byte.
func (s *MemoryStore) ExportToJSON() ([]byte, error) {
s.mu.Lock()
defer s.mu.Unlock()
if len(s.cache) == 0 {
// Avoid "null" serialization.
return []byte("{}"), nil
}
return json.MarshalIndent(s.cache, "", " ")
}
// FileStore is a StateStore that uses a JSON file for persistence.
type FileStore struct {
path string
mu sync.RWMutex
cache map[StateKey][]byte
}
// Path returns the path that NewFileStore was called with.
func (s *FileStore) Path() string { return s.path }
func (s *FileStore) String() string { return fmt.Sprintf("FileStore(%q)", s.path) }
// NewFileStore returns a new file store that persists to path.
func NewFileStore(path string) (*FileStore, error) {
// We unconditionally call this to ensure that our perms are correct
if err := paths.MkStateDir(filepath.Dir(path)); err != nil {
return nil, fmt.Errorf("creating state directory: %w", err)
}
bs, err := ioutil.ReadFile(path)
// Treat an empty file as a missing file.
// (https://github.com/tailscale/tailscale/issues/895#issuecomment-723255589)
if err == nil && len(bs) == 0 {
log.Printf("ipn.NewFileStore(%q): file empty; treating it like a missing file [warning]", path)
err = os.ErrNotExist
}
if err != nil {
if os.IsNotExist(err) {
// Write out an initial file, to verify that we can write
// to the path.
if err = atomicfile.WriteFile(path, []byte("{}"), 0600); err != nil {
return nil, err
}
return &FileStore{
path: path,
cache: map[StateKey][]byte{},
}, nil
}
return nil, err
}
ret := &FileStore{
path: path,
cache: map[StateKey][]byte{},
}
if err := json.Unmarshal(bs, &ret.cache); err != nil {
return nil, err
}
return ret, nil
}
// ReadState implements the StateStore interface.
func (s *FileStore) ReadState(id StateKey) ([]byte, error) {
s.mu.RLock()
defer s.mu.RUnlock()
bs, ok := s.cache[id]
if !ok {
return nil, ErrStateNotExist
}
return bs, nil
}
// WriteState implements the StateStore interface.
func (s *FileStore) WriteState(id StateKey, bs []byte) error {
s.mu.Lock()
defer s.mu.Unlock()
if bytes.Equal(s.cache[id], bs) {
return nil
}
s.cache[id] = append([]byte(nil), bs...)
bs, err := json.MarshalIndent(s.cache, "", " ")
if err != nil {
return err
}
return atomicfile.WriteFile(s.path, bs, 0600)
}

12
ipn/store/aws/store_aws.go → ipn/store/awsstore/store_aws.go
View File

@ -5,8 +5,8 @@
//go:build linux
// +build linux
// Package aws contains an AWS SSM StateStore implementation.
package aws
// Package awsstore contains an ipn.StateStore implementation using AWS SSM.
package awsstore
import (
"context"
@ -20,6 +20,8 @@
"github.com/aws/aws-sdk-go-v2/service/ssm"
ssmTypes "github.com/aws/aws-sdk-go-v2/service/ssm/types"
"tailscale.com/ipn"
"tailscale.com/ipn/store/mem"
"tailscale.com/types/logger"
)
const (
@ -46,12 +48,12 @@ type awsStore struct {
ssmClient awsSSMClient
ssmARN arn.ARN
memory ipn.MemoryStore
memory mem.Store
}
// NewStore returns a new ipn.StateStore using the AWS SSM storage
// New returns a new ipn.StateStore using the AWS SSM storage
// location given by ssmARN.
func NewStore(ssmARN string) (ipn.StateStore, error) {
func New(_ logger.Logf, ssmARN string) (ipn.StateStore, error) {
return newStore(ssmARN, nil)
}

2
ipn/store/aws/store_aws_stub.go → ipn/store/awsstore/store_aws_stub.go
View File

@ -5,7 +5,7 @@
//go:build !linux
// +build !linux
package aws
package awsstore
import (
"fmt"

2
ipn/store/aws/store_aws_test.go → ipn/store/awsstore/store_aws_test.go
View File

@ -5,7 +5,7 @@
//go:build linux
// +build linux
package aws
package awsstore
import (
"context"

85
ipn/store/kubestore/store_kube.go Normal file
View File

@ -0,0 +1,85 @@
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package kubestore contains an ipn.StateStore implementation using Kubernetes Secrets.
package kubestore
import (
"context"
"time"
"tailscale.com/ipn"
"tailscale.com/kube"
"tailscale.com/types/logger"
)
// Store is an ipn.StateStore that uses a Kubernetes Secret for persistence.
type Store struct {
client *kube.Client
secretName string
}
// New returns a new Store that persists to the named secret.
func New(_ logger.Logf, secretName string) (*Store, error) {
c, err := kube.New()
if err != nil {
return nil, err
}
return &Store{
client: c,
secretName: secretName,
}, nil
}
func (s *Store) String() string { return "kube.Store" }
// ReadState implements the StateStore interface.
func (s *Store) ReadState(id ipn.StateKey) ([]byte, error) {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
secret, err := s.client.GetSecret(ctx, s.secretName)
if err != nil {
if st, ok := err.(*kube.Status); ok && st.Code == 404 {
return nil, ipn.ErrStateNotExist
}
return nil, err
}
b, ok := secret.Data[string(id)]
if !ok {
return nil, ipn.ErrStateNotExist
}
return b, nil
}
// WriteState implements the StateStore interface.
func (s *Store) WriteState(id ipn.StateKey, bs []byte) error {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
secret, err := s.client.GetSecret(ctx, s.secretName)
if err != nil {
if st, ok := err.(*kube.Status); ok && st.Code == 404 {
return s.client.CreateSecret(ctx, &kube.Secret{
TypeMeta: kube.TypeMeta{
APIVersion: "v1",
Kind: "Secret",
},
ObjectMeta: kube.ObjectMeta{
Name: s.secretName,
},
Data: map[string][]byte{
string(id): bs,
},
})
}
return err
}
secret.Data[string(id)] = bs
if err := s.client.UpdateSecret(ctx, secret); err != nil {
return err
}
return err
}

69
ipn/store/mem/store_mem.go Normal file
View File

@ -0,0 +1,69 @@
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package mem provides an in-memory ipn.StateStore implementation.
package mem
import (
"encoding/json"
"sync"
"tailscale.com/ipn"
"tailscale.com/types/logger"
)
// New returns a new Store.
func New(logger.Logf, string) (ipn.StateStore, error) {
return new(Store), nil
}
// Store is an ipn.StateStore that keeps state in memory only.
type Store struct {
mu sync.Mutex
cache map[ipn.StateKey][]byte
}
func (s *Store) String() string { return "mem.Store" }
// ReadState implements the StateStore interface.
func (s *Store) ReadState(id ipn.StateKey) ([]byte, error) {
s.mu.Lock()
defer s.mu.Unlock()
bs, ok := s.cache[id]
if !ok {
return nil, ipn.ErrStateNotExist
}
return bs, nil
}
// WriteState implements the StateStore interface.
func (s *Store) WriteState(id ipn.StateKey, bs []byte) error {
s.mu.Lock()
defer s.mu.Unlock()
if s.cache == nil {
s.cache = map[ipn.StateKey][]byte{}
}
s.cache[id] = append([]byte(nil), bs...)
return nil
}
// LoadFromJSON attempts to unmarshal json content into the
// in-memory cache.
func (s *Store) LoadFromJSON(data []byte) error {
s.mu.Lock()
defer s.mu.Unlock()
return json.Unmarshal(data, &s.cache)
}
// ExportToJSON exports the content of the cache to
// JSON formatted []byte.
func (s *Store) ExportToJSON() ([]byte, error) {
s.mu.Lock()
defer s.mu.Unlock()
if len(s.cache) == 0 {
// Avoid "null" serialization.
return []byte("{}"), nil
}
return json.MarshalIndent(s.cache, "", " ")
}

193
ipn/store/stores.go Normal file
View File

@ -0,0 +1,193 @@
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package store provides various implementation of ipn.StateStore.
package store
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"runtime"
"strings"
"sync"
"tailscale.com/atomicfile"
"tailscale.com/ipn"
"tailscale.com/ipn/store/mem"
"tailscale.com/paths"
"tailscale.com/types/logger"
)
// Provider returns a StateStore for the provided path.
// The arg is of the form "prefix:rest", where prefix was previously registered with Register.
type Provider func(logf logger.Logf, arg string) (ipn.StateStore, error)
var regOnce sync.Once
var registerAvailableExternalStores func()
func registerDefaultStores() {
Register("mem:", mem.New)
if registerAvailableExternalStores != nil {
registerAvailableExternalStores()
}
}
var knownStores map[string]Provider
// New returns a StateStore based on the provided arg
// and registered stores.
// The arg is of the form "prefix:rest", where prefix was previously
// registered with Register.
//
// By default the following stores are registered:
//
// * if the string begins with "mem:", the suffix
// is ignored and an in-memory store is used.
// * (Linux-only) if the string begins with "arn:",
// the suffix an AWS ARN for an SSM.
// * (Linux-only) if the string begins with "kube:",
// the suffix is a Kubernetes secret name
// * In all other cases, the path is treated as a filepath.
func New(logf logger.Logf, path string) (ipn.StateStore, error) {
regOnce.Do(registerDefaultStores)
for prefix, sf := range knownStores {
if strings.HasPrefix(path, prefix) {
// We can't strip the prefix here as some NewStoreFunc (like arn:)
// expect the prefix.
return sf(logf, path)
}
}
if runtime.GOOS == "windows" {
path = TryWindowsAppDataMigration(logf, path)
}
return NewFileStore(logf, path)
}
// Register registers a prefix to be used for
// NewStore. It panics if the prefix is empty, or if the
// prefix is already registered.
// The provided fn is called with the path passed to NewStore;
// the prefix is not stripped.
func Register(prefix string, fn Provider) {
if len(prefix) == 0 {
panic("prefix is empty")
}
if _, ok := knownStores[prefix]; ok {
panic(fmt.Sprintf("%q already registered", prefix))
}
if knownStores == nil {
knownStores = make(map[string]Provider)
}
knownStores[prefix] = fn
}
// TryWindowsAppDataMigration attempts to copy the Windows state file
// from its old location to the new location. (Issue 2856)
//
// Tailscale 1.14 and before stored state under %LocalAppData%
// (usually "C:\WINDOWS\system32\config\systemprofile\AppData\Local"
// when tailscaled.exe is running as a non-user system service).
// However it is frequently cleared for almost any reason: Windows
// updates, System Restore, even various System Cleaner utilities.
//
// Returns a string of the path to use for the state file.
// This will be a fallback %LocalAppData% path if migration fails,
// a %ProgramData% path otherwise.
func TryWindowsAppDataMigration(logf logger.Logf, path string) string {
if path != paths.DefaultTailscaledStateFile() {
// If they're specifying a non-default path, just trust that they know
// what they are doing.
return path
}
oldFile := paths.LegacyStateFilePath()
return paths.TryConfigFileMigration(logf, oldFile, path)
}
// FileStore is a StateStore that uses a JSON file for persistence.
type FileStore struct {
path string
mu sync.RWMutex
cache map[ipn.StateKey][]byte
}
// Path returns the path that NewFileStore was called with.
func (s *FileStore) Path() string { return s.path }
func (s *FileStore) String() string { return fmt.Sprintf("FileStore(%q)", s.path) }
// NewFileStore returns a new file store that persists to path.
func NewFileStore(_ logger.Logf, path string) (ipn.StateStore, error) {
// We unconditionally call this to ensure that our perms are correct
if err := paths.MkStateDir(filepath.Dir(path)); err != nil {
return nil, fmt.Errorf("creating state directory: %w", err)
}
bs, err := ioutil.ReadFile(path)
// Treat an empty file as a missing file.
// (https://github.com/tailscale/tailscale/issues/895#issuecomment-723255589)
if err == nil && len(bs) == 0 {
log.Printf("ipn.NewFileStore(%q): file empty; treating it like a missing file [warning]", path)
err = os.ErrNotExist
}
if err != nil {
if os.IsNotExist(err) {
// Write out an initial file, to verify that we can write
// to the path.
if err = atomicfile.WriteFile(path, []byte("{}"), 0600); err != nil {
return nil, err
}
return &FileStore{
path: path,
cache: map[ipn.StateKey][]byte{},
}, nil
}
return nil, err
}
ret := &FileStore{
path: path,
cache: map[ipn.StateKey][]byte{},
}
if err := json.Unmarshal(bs, &ret.cache); err != nil {
return nil, err
}
return ret, nil
}
// ReadState implements the StateStore interface.
func (s *FileStore) ReadState(id ipn.StateKey) ([]byte, error) {
s.mu.RLock()
defer s.mu.RUnlock()
bs, ok := s.cache[id]
if !ok {
return nil, ipn.ErrStateNotExist
}
return bs, nil
}
// WriteState implements the StateStore interface.
func (s *FileStore) WriteState(id ipn.StateKey, bs []byte) error {
s.mu.Lock()
defer s.mu.Unlock()
if bytes.Equal(s.cache[id], bs) {
return nil
}
s.cache[id] = append([]byte(nil), bs...)
bs, err := json.MarshalIndent(s.cache, "", " ")
if err != nil {
return err
}
return atomicfile.WriteFile(s.path, bs, 0600)
}

26
ipn/store/stores_linux.go Normal file
View File

@ -0,0 +1,26 @@
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package store
import (
"strings"
"tailscale.com/ipn"
"tailscale.com/ipn/store/awsstore"
"tailscale.com/ipn/store/kubestore"
"tailscale.com/types/logger"
)
func init() {
registerAvailableExternalStores = registerExternalStores
}
func registerExternalStores() {
Register("kube:", func(logf logger.Logf, path string) (ipn.StateStore, error) {
secretName := strings.TrimPrefix(path, "kube:")
return kubestore.New(logf, secretName)
})
Register("arn:", awsstore.New)
}

191
ipn/store/stores_test.go Normal file
View File

@ -0,0 +1,191 @@
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package store
import (
"os"
"path/filepath"
"testing"
"tailscale.com/ipn"
"tailscale.com/ipn/store/mem"
"tailscale.com/tstest"
"tailscale.com/types/logger"
)
func TestNewStore(t *testing.T) {
regOnce.Do(registerDefaultStores)
t.Cleanup(func() {
knownStores = map[string]Provider{}
registerDefaultStores()
})
knownStores = map[string]Provider{}
type store1 struct {
ipn.StateStore
path string
}
type store2 struct {
ipn.StateStore
path string
}
Register("arn:", func(_ logger.Logf, path string) (ipn.StateStore, error) {
return &store1{new(mem.Store), path}, nil
})
Register("kube:", func(_ logger.Logf, path string) (ipn.StateStore, error) {
return &store2{new(mem.Store), path}, nil
})
Register("mem:", func(_ logger.Logf, path string) (ipn.StateStore, error) {
return new(mem.Store), nil
})
path := "mem:abcd"
if s, err := New(t.Logf, path); err != nil {
t.Fatalf("%q: %v", path, err)
} else if _, ok := s.(*mem.Store); !ok {
t.Fatalf("%q: got: %T, want: %T", path, s, new(mem.Store))
}
path = "arn:foo"
if s, err := New(t.Logf, path); err != nil {
t.Fatalf("%q: %v", path, err)
} else if _, ok := s.(*store1); !ok {
t.Fatalf("%q: got: %T, want: %T", path, s, new(store1))
}
path = "kube:abcd"
if s, err := New(t.Logf, path); err != nil {
t.Fatalf("%q: %v", path, err)
} else if _, ok := s.(*store2); !ok {
t.Fatalf("%q: got: %T, want: %T", path, s, new(store2))
}
f, err := os.CreateTemp("", "")
if err != nil {
t.Fatal(err)
}
if err := f.Close(); err != nil {
t.Fatal(err)
}
t.Cleanup(func() {
os.Remove(f.Name())
})
path = f.Name()
if s, err := New(t.Logf, path); err != nil {
t.Fatalf("%q: %v", path, err)
} else if _, ok := s.(*FileStore); !ok {
t.Fatalf("%q: got: %T, want: %T", path, s, new(FileStore))
}
}
func testStoreSemantics(t *testing.T, store ipn.StateStore) {
t.Helper()
tests := []struct {
// if true, data is data to write. If false, data is expected
// output of read.
write bool
id ipn.StateKey
data string
// If write=false, true if we expect a not-exist error.
notExists bool
}{
{
id: "foo",
notExists: true,
},
{
write: true,
id: "foo",
data: "bar",
},
{
id: "foo",
data: "bar",
},
{
id: "baz",
notExists: true,
},
{
write: true,
id: "baz",
data: "quux",
},
{
id: "foo",
data: "bar",
},
{
id: "baz",
data: "quux",
},
}
for _, test := range tests {
if test.write {
if err := store.WriteState(test.id, []byte(test.data)); err != nil {
t.Errorf("writing %q to %q: %v", test.data, test.id, err)
}
} else {
bs, err := store.ReadState(test.id)
if err != nil {
if test.notExists && err == ipn.ErrStateNotExist {
continue
}
t.Errorf("reading %q: %v", test.id, err)
continue
}
if string(bs) != test.data {
t.Errorf("reading %q: got %q, want %q", test.id, string(bs), test.data)
}
}
}
}
func TestMemoryStore(t *testing.T) {
tstest.PanicOnLog()
store := new(mem.Store)
testStoreSemantics(t, store)
}
func TestFileStore(t *testing.T) {
tstest.PanicOnLog()
dir := t.TempDir()
path := filepath.Join(dir, "test-file-store.conf")
store, err := NewFileStore(nil, path)
if err != nil {
t.Fatalf("creating file store failed: %v", err)
}
testStoreSemantics(t, store)
// Build a brand new file store and check that both IDs written
// above are still there.
store, err = NewFileStore(nil, path)
if err != nil {
t.Fatalf("creating second file store failed: %v", err)
}
expected := map[ipn.StateKey]string{
"foo": "bar",
"baz": "quux",
}
for key, want := range expected {
bs, err := store.ReadState(key)
if err != nil {
t.Errorf("reading %q (2nd store): %v", key, err)
continue
}
if string(bs) != want {
t.Errorf("reading %q (2nd store): got %q, want %q", key, bs, want)
}
}
}

120
ipn/store_test.go
View File

@ -1,120 +0,0 @@
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ipn
import (
"path/filepath"
"testing"
"tailscale.com/tstest"
)
func testStoreSemantics(t *testing.T, store StateStore) {
t.Helper()
tests := []struct {
// if true, data is data to write. If false, data is expected
// output of read.
write bool
id StateKey
data string
// If write=false, true if we expect a not-exist error.
notExists bool
}{
{
id: "foo",
notExists: true,
},
{
write: true,
id: "foo",
data: "bar",
},
{
id: "foo",
data: "bar",
},
{
id: "baz",
notExists: true,
},
{
write: true,
id: "baz",
data: "quux",
},
{
id: "foo",
data: "bar",
},
{
id: "baz",
data: "quux",
},
}
for _, test := range tests {
if test.write {
if err := store.WriteState(test.id, []byte(test.data)); err != nil {
t.Errorf("writing %q to %q: %v", test.data, test.id, err)
}
} else {
bs, err := store.ReadState(test.id)
if err != nil {
if test.notExists && err == ErrStateNotExist {
continue
}
t.Errorf("reading %q: %v", test.id, err)
continue
}
if string(bs) != test.data {
t.Errorf("reading %q: got %q, want %q", test.id, string(bs), test.data)
}
}
}
}
func TestMemoryStore(t *testing.T) {
tstest.PanicOnLog()
store := &MemoryStore{}
testStoreSemantics(t, store)
}
func TestFileStore(t *testing.T) {
tstest.PanicOnLog()
dir := t.TempDir()
path := filepath.Join(dir, "test-file-store.conf")
store, err := NewFileStore(path)
if err != nil {
t.Fatalf("creating file store failed: %v", err)
}
testStoreSemantics(t, store)
// Build a brand new file store and check that both IDs written
// above are still there.
store, err = NewFileStore(path)
if err != nil {
t.Fatalf("creating second file store failed: %v", err)
}
expected := map[StateKey]string{
"foo": "bar",
"baz": "quux",
}
for key, want := range expected {
bs, err := store.ReadState(key)
if err != nil {
t.Errorf("reading %q (2nd store): %v", key, err)
continue
}
if string(bs) != want {
t.Errorf("reading %q (2nd store): got %q, want %q", key, bs, want)
}
}
}

4
ssh/tailssh/tailssh_test.go
View File

@ -22,8 +22,8 @@
"github.com/gliderlabs/ssh"
"inet.af/netaddr"
"tailscale.com/ipn"
"tailscale.com/ipn/ipnlocal"
"tailscale.com/ipn/store/mem"
"tailscale.com/net/tsdial"
"tailscale.com/tailcfg"
"tailscale.com/tstest"
@ -181,7 +181,7 @@ func TestSSH(t *testing.T) {
t.Fatal(err)
}
lb, err := ipnlocal.NewLocalBackend(logf, "",
new(ipn.MemoryStore),
new(mem.Store),
new(tsdial.Dialer),
eng, 0)
if err != nil {

52
tsnet/tsnet.go
View File

@ -27,6 +27,8 @@
"tailscale.com/ipn"
"tailscale.com/ipn/ipnlocal"
"tailscale.com/ipn/localapi"
"tailscale.com/ipn/store"
"tailscale.com/ipn/store/mem"
"tailscale.com/net/nettest"
"tailscale.com/net/tsdial"
"tailscale.com/smallzstd"
@ -46,6 +48,12 @@ type Server struct {
// based on the name of the binary.
Dir string
// Store specifies the state store to use.
//
// If nil, a new FileStore is initialized at `Dir/tailscaled.state`.
// See tailscale.com/ipn/store for supported stores.
Store ipn.StateStore
// Hostname is the hostname to present to the control server.
// If empty, the binary name is used.
Hostname string
@ -62,7 +70,7 @@ type Server struct {
initErr error
lb *ipnlocal.LocalBackend
// the state directory
dir string
rootPath string
hostname string
mu sync.Mutex
@ -79,12 +87,6 @@ func (s *Server) Dial(ctx context.Context, network, address string) (net.Conn, e
return s.dialer.UserDial(ctx, network, address)
}
func (s *Server) doInit() {
if err := s.start(); err != nil {
s.initErr = fmt.Errorf("tsnet: %w", err)
}
}
// Start connects the server to the tailnet.
// Optional: any calls to Dial/Listen will also call Start.
func (s *Server) Start() error {
@ -92,6 +94,12 @@ func (s *Server) Start() error {
return s.initErr
}
func (s *Server) doInit() {
if err := s.start(); err != nil {
s.initErr = fmt.Errorf("tsnet: %w", err)
}
}
func (s *Server) start() error {
if !envknob.UseWIPCode() {
return errors.New("code disabled without environment variable TAILSCALE_USE_WIP_CODE set true")
@ -108,21 +116,26 @@ func (s *Server) start() error {
s.hostname = prog
}
s.dir = s.Dir
if s.dir == "" {
s.rootPath = s.Dir
if s.Store != nil && !s.Ephemeral {
if _, ok := s.Store.(*mem.Store); !ok {
return fmt.Errorf("in-memory store is only supported for Ephemeral nodes")
}
}
if s.rootPath == "" {
confDir, err := os.UserConfigDir()
if err != nil {
return err
}
s.dir = filepath.Join(confDir, "tslib-"+prog)
if err := os.MkdirAll(s.dir, 0700); err != nil {
s.rootPath = filepath.Join(confDir, "tslib-"+prog)
if err := os.MkdirAll(s.rootPath, 0700); err != nil {
return err
}
}
if fi, err := os.Stat(s.dir); err != nil {
if fi, err := os.Stat(s.rootPath); err != nil {
return err
} else if !fi.IsDir() {
return fmt.Errorf("%v is not a directory", s.dir)
return fmt.Errorf("%v is not a directory", s.rootPath)
}
logf := s.Logf
@ -170,10 +183,11 @@ func (s *Server) start() error {
return ns.DialContextTCP(ctx, dst)
}
statePath := filepath.Join(s.dir, "tailscaled.state")
store, err := ipn.NewFileStore(statePath)
if err != nil {
return err
if s.Store == nil {
s.Store, err = store.New(logf, filepath.Join(s.rootPath, "tailscaled.state"))
if err != nil {
return err
}
}
logid := "tslib-TODO"
@ -181,11 +195,11 @@ func (s *Server) start() error {
if s.Ephemeral {
loginFlags = controlclient.LoginEphemeral
}
lb, err := ipnlocal.NewLocalBackend(logf, logid, store, s.dialer, eng, loginFlags)
lb, err := ipnlocal.NewLocalBackend(logf, logid, s.Store, s.dialer, eng, loginFlags)
if err != nil {
return fmt.Errorf("NewLocalBackend: %v", err)
}
lb.SetVarRoot(s.dir)
lb.SetVarRoot(s.rootPath)
s.lb = lb
lb.SetDecompressor(func() (controlclient.Decompressor, error) {
return smallzstd.NewDecoder(nil)

3
tstest/integration/integration_test.go
View File

@ -33,6 +33,7 @@
"inet.af/netaddr"
"tailscale.com/ipn"
"tailscale.com/ipn/ipnstate"
"tailscale.com/ipn/store"
"tailscale.com/safesocket"
"tailscale.com/tailcfg"
"tailscale.com/tstest"
@ -586,7 +587,7 @@ func (n *testNode) diskPrefs() *ipn.Prefs {
if _, err := ioutil.ReadFile(n.stateFile); err != nil {
t.Fatalf("reading prefs: %v", err)
}
fs, err := ipn.NewFileStore(n.stateFile)
fs, err := store.NewFileStore(nil, n.stateFile)
if err != nil {
t.Fatalf("reading prefs, NewFileStore: %v", err)
}

1
tstest/integration/tailscaled_deps_test_darwin.go
View File

@ -19,6 +19,7 @@
_ "tailscale.com/envknob"
_ "tailscale.com/ipn"
_ "tailscale.com/ipn/ipnserver"
_ "tailscale.com/ipn/store"
_ "tailscale.com/logpolicy"
_ "tailscale.com/logtail"
_ "tailscale.com/net/dns"

1
tstest/integration/tailscaled_deps_test_freebsd.go
View File

@ -19,6 +19,7 @@
_ "tailscale.com/envknob"
_ "tailscale.com/ipn"
_ "tailscale.com/ipn/ipnserver"
_ "tailscale.com/ipn/store"
_ "tailscale.com/logpolicy"
_ "tailscale.com/logtail"
_ "tailscale.com/net/dns"

1
tstest/integration/tailscaled_deps_test_linux.go
View File

@ -19,6 +19,7 @@
_ "tailscale.com/envknob"
_ "tailscale.com/ipn"
_ "tailscale.com/ipn/ipnserver"
_ "tailscale.com/ipn/store"
_ "tailscale.com/logpolicy"
_ "tailscale.com/logtail"
_ "tailscale.com/net/dns"

1
tstest/integration/tailscaled_deps_test_openbsd.go
View File

@ -19,6 +19,7 @@
_ "tailscale.com/envknob"
_ "tailscale.com/ipn"
_ "tailscale.com/ipn/ipnserver"
_ "tailscale.com/ipn/store"
_ "tailscale.com/logpolicy"
_ "tailscale.com/logtail"
_ "tailscale.com/net/dns"

1
tstest/integration/tailscaled_deps_test_windows.go
View File

@ -22,6 +22,7 @@
_ "tailscale.com/envknob"
_ "tailscale.com/ipn"
_ "tailscale.com/ipn/ipnserver"
_ "tailscale.com/ipn/store"
_ "tailscale.com/logpolicy"
_ "tailscale.com/logtail"
_ "tailscale.com/logtail/backoff"