Skip to content

[FS-266] Fix SFT URL fecthing based on plain HTTP via IPv4 #2026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rohan-wire merged 4 commits into from
Jan 5, 2022
Merged

[FS-266] Fix SFT URL fecthing based on plain HTTP via IPv4 #2026

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
7f3fcf2
Introduce logging of discovered IPv4 addresses
Jan 5, 2022
401c5a3
Use plain HTTP instead of HTTPS
Jan 5, 2022
424e5fd
Add a proper integration test for sft_servers_all
Jan 5, 2022
5bcdddb
Add a changelog
Jan 5, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/6-federation/sft-fix-ipv4-http
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Allow making HTTP-only requests to SFTs via an IPv4 address
3 changes: 2 additions & 1 deletion services/brig/brig.cabal
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ cabal-version: 2.0
--
-- see: https://github.com/sol/hpack
--
-- hash: addf4b080e564149f44c6cdb33c824734aa68cc9ff021f41268938902e2958b0
-- hash: 2f8a3d719633015dac9204d43e0b4c79ce5b21b022cd9d4cce3868feea9460e8

name: brig
version: 2.0
Expand Down Expand Up @@ -506,6 +506,7 @@ test-suite brig-tests
, polysemy-wire-zoo
, retry
, servant-client-core
, string-conversions
, tasty
, tasty-hunit
, tasty-quickcheck
Expand Down
2 changes: 1 addition & 1 deletion services/brig/brig.integration.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ optSettings:
# to be added to the CI environment
setSftLookup:
domain: sftd.integration-tests.zinfra.io
port: 443
port: 80
isTestingEnvironment: true

logLevel: Warn
Expand Down
1 change: 1 addition & 0 deletions services/brig/package.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,7 @@ tests:
- polysemy-wire-zoo
- retry
- servant-client-core
- string-conversions
- tasty
- tasty-hunit
- tasty-quickcheck
Expand Down
4 changes: 3 additions & 1 deletion services/brig/src/Brig/Calling.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,9 @@ discoverSFTServers domain =
discoverSFTServersAll :: Members [DNSLookup, TinyLog] r => DNS.Domain -> Sem r (Maybe [IPv4])
discoverSFTServersAll domain =
lookupA domain >>= \case
AIPv4s ips -> pure . Just $ ips
AIPv4s ips -> do
info (Log.msg ("Found the following IP addresses for SFT servers" :: ByteString) . Log.field "addresses" (show ips))
pure . Just $ ips
AResponseError e -> do
err (Log.msg ("DNS Lookup failed for SFT Discovery" :: ByteString) . Log.field "Error" (show e))
pure Nothing
Expand Down
2 changes: 1 addition & 1 deletion services/brig/src/Brig/Effects/SFT.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ interpretSFT httpManager = interpret $ \(SFTGetClientUrl ipAddr port) -> do
let req =
parseRequest_ $
mconcat
[ "GET https://",
[ "GET http://",
show ipAddr,
":",
show . portNumber $ port,
Expand Down
22 changes: 20 additions & 2 deletions services/brig/test/integration/API/Calling.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,10 @@ tests m b opts turn turnV2 = do
test m "multiple servers /calls/config - 200" . withTurnFile turn $ testCallsConfigMultiple b,
test m "multiple servers /calls/config/v2 - 200" . withTurnFile turnV2 $ testCallsConfigMultipleV2 b
],
testGroup "sft" $
testGroup
"sft"
[ test m "SFT servers /calls/config/v2 - 200" $ testSFT b opts,
test m "SFT servers all /calls/config/v2 - 200" $ testSFTServersAll b opts,
test m "SFT servers static URI - 200" $ testSFTStatic b opts
]
]
Expand Down Expand Up @@ -122,7 +124,23 @@ testSFT b opts = do
"when SFT discovery is enabled, sft_servers should be returned"
(Set.fromList [sftServer server1, sftServer server2])
(Set.fromList $ maybe [] NonEmpty.toList $ cfg1 ^. rtcConfSftServers)
void . for (cfg1 ^. rtcConfSftServersAll) $ \allServers -> do

testSFTServersAll :: Brig -> Opts.Opts -> Http ()
testSFTServersAll b opts = do
uid <- userId <$> randomUser b
let lookupSettings = Opts.SFTLookup (Opts.LookupDomain "sftd.integration-tests.zinfra.io") (Port 80) True
let newOptSettings = (Opts.optSettings opts) {Opts.setSftLookup = Just lookupSettings}
let opts' =
opts
{ Opts.sft = Just $ Opts.SFTOptions "integration-tests.zinfra.io" Nothing (Just 0.001) Nothing,
Opts.optSettings = newOptSettings
}
withSettingsOverrides opts' $ do
cfg1 <- retryWhileN 10 (isNothing . view rtcConfSftServersAll) (getTurnConfigurationV2 uid b)
-- These values are controlled by https://github.com/zinfra/cailleach/blob/459591512a02333e62abebe28656874cab3b4380/environments/dns-integration-tests
liftIO $ case cfg1 ^. rtcConfSftServersAll of
Nothing -> assertFailure "sft_servers_all not configured"
Just allServers -> do
let Right clientUrl = mkHttpsUrl =<< first show (parseURI laxURIParserOptions "https://sft01.avs.zinfra.io")
assertEqual
"when SFT discovery is enabled and SFT lookup configured, sft_servers_all should be returned"
Expand Down
10 changes: 9 additions & 1 deletion services/brig/test/unit/Test/Brig/Calling.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import Data.List.NonEmpty (NonEmpty (..))
import qualified Data.List.NonEmpty as NonEmpty
import Data.Range
import qualified Data.Set as Set
import Data.String.Conversions
import Imports
import Network.DNS
import Polysemy
Expand Down Expand Up @@ -264,7 +265,14 @@ testSFTDiscoverAWhenAvailable = do
=<< ( runM . recordLogs logRecorder . runFakeDNSLookup fakeDNSEnv $
discoverSFTServersAll "foo.example.com"
)
assertEqual "nothing should be logged" []
assertEqual
"should report discovered IP addresses"
[ ( Log.Info,
"Found the following IP addresses for SFT servers, addresses="
<> (cs . show $ returnedEntries)
<> "\n"
)
]
=<< readIORef (recordedLogs logRecorder)

testSFTDiscoverAWhenDNSFails :: IO ()
Expand Down