[vnet] feat: support VNet SSH when cluster name does not match proxy public addr

lib/teleterm/vnet/service.go

@@ -225,15 +225,15 @@ func (s *Service) ListDNSZones(ctx context.Context, req *api.ListDNSZonesRequest
 		s.mu.Unlock()
 		return nil, trace.CompareFailed("VNet is not running")
 	}
-	osConfigProvider := s.vnetProcess.GetOSConfigProvider()
+	unifiedClusterConfigProvider := s.vnetProcess.GetUnifiedClusterConfigProvider()
 	s.mu.Unlock()
 
-	targetOSConfig, err := osConfigProvider.GetTargetOSConfiguration(ctx)
+	unifiedClusterConfig, err := unifiedClusterConfigProvider.GetUnifiedClusterConfig(ctx)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 	return &api.ListDNSZonesResponse{
-		DnsZones: targetOSConfig.GetDnsZones(),
+		DnsZones: unifiedClusterConfig.AppDNSZones(),
 	}, nil
 }
 

lib/teleterm/vnet/service_darwin.go

@@ -77,14 +77,14 @@ func (s *Service) RunDiagnostics(ctx context.Context, req *api.RunDiagnosticsReq
 }
 
 func (s *Service) getNetworkStack(ctx context.Context) (*diagv1.NetworkStack, error) {
-	targetOSConfig, err := s.vnetProcess.GetOSConfigProvider().GetTargetOSConfiguration(ctx)
+	unifiedClusterConfig, err := s.vnetProcess.GetUnifiedClusterConfigProvider().GetUnifiedClusterConfig(ctx)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 	return &diagv1.NetworkStack{
 		InterfaceName:  s.networkStackInfo.InterfaceName,
 		Ipv6Prefix:     s.networkStackInfo.Ipv6Prefix,
-		Ipv4CidrRanges: targetOSConfig.GetIpv4CidrRanges(),
-		DnsZones:       targetOSConfig.GetDnsZones(),
+		Ipv4CidrRanges: unifiedClusterConfig.IPv4CidrRanges,
+		DnsZones:       unifiedClusterConfig.AllDNSZones(),
 	}, nil
 }

lib/vnet/admin_process_darwin.go

@@ -75,7 +75,7 @@ func RunDarwinAdminProcess(ctx context.Context, config daemon.Config) error {
 		return trace.Wrap(err, "reporting network stack info to client application")
 	}
 
-	osConfigProvider, err := newRemoteOSConfigProvider(
+	osConfigProvider, err := newOSConfigProvider(
 		clt,
 		tunName,
 		networkStackConfig.ipv6Prefix.String(),

lib/vnet/admin_process_windows.go

@@ -116,7 +116,7 @@ func runWindowsAdminProcess(ctx context.Context, cfg *windowsAdminProcessConfig)
 		return trace.Wrap(err, "reporting network stack info to client application")
 	}
 
-	osConfigProvider, err := newRemoteOSConfigProvider(
+	osConfigProvider, err := newOSConfigProvider(
 		clt,
 		tunName,
 		networkStackConfig.ipv6Prefix.String(),

lib/vnet/client_application_service.go

@@ -70,11 +70,11 @@ type clientApplicationService struct {
 }
 
 type clientApplicationServiceConfig struct {
-	fqdnResolver          *fqdnResolver
-	localOSConfigProvider *LocalOSConfigProvider
-	clientApplication     ClientApplication
-	homePath              string
-	clock                 clockwork.Clock
+	fqdnResolver                 *fqdnResolver
+	unifiedClusterConfigProvider *UnifiedClusterConfigProvider
+	clientApplication            ClientApplication
+	homePath                     string
+	clock                        clockwork.Clock
 }
 
 func newClientApplicationService(cfg *clientApplicationServiceConfig) (*clientApplicationService, error) {
@@ -255,12 +255,15 @@ func newAppKey(protoAppKey *vnetv1.AppKey, port uint16) appKey {
 // DNS nameserver and the IPv4 CIDR ranges that should be routed to the VNet TUN
 // interface.
 func (s *clientApplicationService) GetTargetOSConfiguration(ctx context.Context, _ *vnetv1.GetTargetOSConfigurationRequest) (*vnetv1.GetTargetOSConfigurationResponse, error) {
-	targetConfig, err := s.cfg.localOSConfigProvider.GetTargetOSConfiguration(ctx)
+	unifiedClusterConfig, err := s.cfg.unifiedClusterConfigProvider.GetUnifiedClusterConfig(ctx)
 	if err != nil {
 		return nil, trace.Wrap(err, "getting target OS configuration")
 	}
 	return &vnetv1.GetTargetOSConfigurationResponse{
-		TargetOsConfiguration: targetConfig,
+		TargetOsConfiguration: &vnetv1.TargetOSConfiguration{
+			DnsZones:       unifiedClusterConfig.AllDNSZones(),
+			Ipv4CidrRanges: unifiedClusterConfig.IPv4CidrRanges,
+		},
 	}, nil
 }
 

lib/vnet/clusterconfigcache.go

@@ -32,9 +32,10 @@ import (
 )
 
 type ClusterConfig struct {
-	// DNSZones is the list of DNS zones that are valid for this cluster, this includes ProxyPublicAddr *and*
-	// any configured custom DNS zones for the cluster.
-	DNSZones []string
+	// ProxyPublicAddr is the public address of the proxy, it is always a valid DNS zone for apps.
+	ProxyPublicAddr string
+	// CustomDNSZones is the list of custom DNS zones configured for the cluster.
+	CustomDNSZones []string
 	// IPv4CIDRRange is the CIDR range that IPv4 addresses should be assigned from for apps in this cluster.
 	IPv4CIDRRange string
 	// Expires is the time at which this information should be considered stale and refetched. Stale data may
@@ -46,6 +47,10 @@ func (e *ClusterConfig) stale(clock clockwork.Clock) bool {
 	return clock.Now().After(e.Expires)
 }
 
+func (c *ClusterConfig) appDNSZones() []string {
+	return append([]string{c.ProxyPublicAddr}, c.CustomDNSZones...)
+}
+
 // ClusterConfigCache is a read-through cache for cluster VnetConfigs. Cached entries go stale after 5
 // minutes, after which they will be re-fetched on the next read.
 //
@@ -116,7 +121,7 @@ func (c *ClusterConfigCache) getClusterConfigUncached(ctx context.Context, clust
 		}
 	}
 
-	dnsZones := []string{proxyPublicAddr}
+	var customDNSZones []string
 	ipv4CIDRRange := typesvnet.DefaultIPv4CIDRRange
 
 	vnetConfig, err := clusterClient.CurrentCluster().GetVnetConfig(ctx)
@@ -126,14 +131,15 @@ func (c *ClusterConfigCache) getClusterConfigUncached(ctx context.Context, clust
 		return nil, trace.Wrap(err)
 	} else {
 		for _, zone := range vnetConfig.GetSpec().GetCustomDnsZones() {
-			dnsZones = append(dnsZones, zone.GetSuffix())
+			customDNSZones = append(customDNSZones, zone.GetSuffix())
 		}
 		ipv4CIDRRange = cmp.Or(vnetConfig.GetSpec().GetIpv4CidrRange(), typesvnet.DefaultIPv4CIDRRange)
 	}
 
 	return &ClusterConfig{
-		DNSZones:      dnsZones,
-		IPv4CIDRRange: ipv4CIDRRange,
-		Expires:       c.clock.Now().Add(5 * time.Minute),
+		ProxyPublicAddr: proxyPublicAddr,
+		CustomDNSZones:  customDNSZones,
+		IPv4CIDRRange:   ipv4CIDRRange,
+		Expires:         c.clock.Now().Add(5 * time.Minute),
 	}, nil
 }

lib/vnet/fqdn_resolver.go

@@ -146,7 +146,7 @@ func (r *fqdnResolver) clusterClientForAppFQDN(ctx context.Context, profileName,
 			log.ErrorContext(ctx, "Failed to get VNet config, apps in this cluster will not be resolved.", "profile", profileName, "leaf_cluster", leafClusterName, "error", err)
 			continue
 		}
-		for _, zone := range clusterConfig.DNSZones {
+		for _, zone := range clusterConfig.appDNSZones() {
 			if isDescendantSubdomain(fqdn, zone) {
 				return clusterClient, nil
 			}

lib/vnet/osconfig.go

@@ -45,11 +45,11 @@ func configureOS(ctx context.Context, osConfig *osConfig, osConfigState *osConfi
 }
 
 type osConfigurator struct {
-	remoteOSConfigProvider *remoteOSConfigProvider
+	remoteOSConfigProvider *osConfigProvider
 	osConfigState          osConfigState
 }
 
-func newOSConfigurator(remoteOSConfigProvider *remoteOSConfigProvider) *osConfigurator {
+func newOSConfigurator(remoteOSConfigProvider *osConfigProvider) *osConfigurator {
 	return &osConfigurator{
 		remoteOSConfigProvider: remoteOSConfigProvider,
 	}

lib/vnet/remote_osconfig_provider.go → lib/vnet/osconfig_provider.go

@@ -24,9 +24,9 @@ import (
 	vnetv1 "github.com/gravitational/teleport/gen/proto/go/teleport/lib/vnet/v1"
 )
 
-// remoteOSConfigProvider fetches a target OS configuration based on cluster
+// osConfigProvider fetches a target OS configuration based on cluster
 // configuration fetched via the client application process available over gRPC.
-type remoteOSConfigProvider struct {
+type osConfigProvider struct {
 	clt     targetOSConfigGetter
 	tunName string
 	dnsAddr string
@@ -38,20 +38,20 @@ type targetOSConfigGetter interface {
 	GetTargetOSConfiguration(context.Context) (*vnetv1.TargetOSConfiguration, error)
 }
 
-func newRemoteOSConfigProvider(clt targetOSConfigGetter, tunName, ipv6Prefix, dnsAddr string) (*remoteOSConfigProvider, error) {
+func newOSConfigProvider(clt targetOSConfigGetter, tunName, ipv6Prefix, dnsAddr string) (*osConfigProvider, error) {
 	tunIPv6, err := tunIPv6ForPrefix(ipv6Prefix)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	return &remoteOSConfigProvider{
+	return &osConfigProvider{
 		clt:     clt,
 		tunName: tunName,
 		dnsAddr: dnsAddr,
 		tunIPv6: tunIPv6,
 	}, nil
 }
 
-func (p *remoteOSConfigProvider) targetOSConfig(ctx context.Context) (*osConfig, error) {
+func (p *osConfigProvider) targetOSConfig(ctx context.Context) (*osConfig, error) {
 	targetOSConfig, err := p.clt.GetTargetOSConfiguration(ctx)
 	if err != nil {
 		return nil, trace.Wrap(err, "getting target OS configuration from client application")
@@ -73,7 +73,7 @@ func (p *remoteOSConfigProvider) targetOSConfig(ctx context.Context) (*osConfig,
 	}, nil
 }
 
-func (p *remoteOSConfigProvider) setTunIPv4FromCIDR(cidrRange string) error {
+func (p *osConfigProvider) setTunIPv4FromCIDR(cidrRange string) error {
 	if p.tunIPv4 != "" {
 		return nil
 	}

lib/vnet/remote_osconfig_provider_test.go → lib/vnet/osconfig_provider_test.go

@@ -25,7 +25,7 @@ import (
 	vnetv1 "github.com/gravitational/teleport/gen/proto/go/teleport/lib/vnet/v1"
 )
 
-func TestRemoteOSConfigProvider(t *testing.T) {
+func TestOSConfigProvider(t *testing.T) {
 	ctx := context.Background()
 	for _, tc := range []struct {
 		desc                 string
@@ -97,10 +97,10 @@ func TestRemoteOSConfigProvider(t *testing.T) {
 				},
 				err: tc.getTargetOSConfigErr,
 			}
-			remoteOSConfigProvider, err := newRemoteOSConfigProvider(targetOSConfigGetter, tc.tunName, tc.ipv6Prefix, tc.dnsAddr)
+			osConfigProvider, err := newOSConfigProvider(targetOSConfigGetter, tc.tunName, tc.ipv6Prefix, tc.dnsAddr)
 			require.NoError(t, err)
 
-			targetOSConfig, err := remoteOSConfigProvider.targetOSConfig(ctx)
+			targetOSConfig, err := osConfigProvider.targetOSConfig(ctx)
 			if tc.expectErr != nil {
 				require.ErrorIs(t, err, tc.expectErr)
 				return