Merge branch 'main' into dependabot/go_modules/cloud.google.com/go/co…

…mpute/metadata-0.5.1
buildkite · Sep 17, 2024 · f1c232d · f1c232d
2 parents acf44d2 + 12e7aa8
commit f1c232d
Show file tree

Hide file tree

Showing 15 changed files with 172 additions and 13 deletions.
diff --git a/agent/integration/config_allowlisting_integration_test.go b/agent/integration/config_allowlisting_integration_test.go
@@ -119,6 +119,7 @@ func TestConfigAllowlisting(t *testing.T) {
 					"BUILDKITE":         "true",
 					"BUILDKITE_COMMAND": "echo hello",
 				},
+				Token: "bkaj_job-token",
 			}
 
 			for k, v := range tc.extraEnv {

diff --git a/agent/integration/job_environment_integration_test.go b/agent/integration/job_environment_integration_test.go
@@ -22,6 +22,7 @@ func TestWhenCachePathsSetInJobStep_CachePathsEnvVarIsSet(t *testing.T) {
 				Paths: []string{"foo", "bar"},
 			},
 		},
+		Token: "bkaj_job-token",
 	}
 
 	mb := mockBootstrap(t)

diff --git a/agent/integration/job_runner_integration_test.go b/agent/integration/job_runner_integration_test.go
@@ -103,6 +103,7 @@ func TestPreBootstrapHookScripts(t *testing.T) {
 				Env: map[string]string{
 					"BUILDKITE_COMMAND": "echo hello world",
 				},
+				Token: "bkaj_job-token",
 			}
 
 			mb := mockBootstrap(t)
@@ -150,6 +151,7 @@ func TestPreBootstrapHookRefusesJob(t *testing.T) {
 		Env: map[string]string{
 			"BUILDKITE_COMMAND": "echo hello world",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	// create a mock agent API
@@ -197,6 +199,7 @@ func TestJobRunner_WhenBootstrapExits_ItSendsTheExitStatusToTheAPI(t *testing.T)
 				Env: map[string]string{
 					"BUILDKITE_COMMAND": "echo hello world",
 				},
+				Token: "bkaj_job-token",
 			}
 
 			mb := mockBootstrap(t)
@@ -231,7 +234,7 @@ func TestJobRunner_WhenJobHasToken_ItOverridesAccessToken(t *testing.T) {
 	t.Parallel()
 	ctx := context.Background()
 
-	jobToken := "actually-llamas-are-only-okay"
+	jobToken := "bkaj_actually-llamas-are-only-okay"
 
 	j := &api.Job{
 		ID:                 "my-job-id",
@@ -280,13 +283,14 @@ func TestJobRunnerPassesAccessTokenToBootstrap(t *testing.T) {
 		Env: map[string]string{
 			"BUILDKITE_COMMAND": "echo hello world",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	mb := mockBootstrap(t)
 	defer mb.CheckAndClose(t)
 
 	mb.Expect().Once().AndExitWith(0).AndCallFunc(func(c *bintest.Call) {
-		if got, want := c.GetEnv("BUILDKITE_AGENT_ACCESS_TOKEN"), "llamasrock"; got != want {
+		if got, want := c.GetEnv("BUILDKITE_AGENT_ACCESS_TOKEN"), "bkaj_job-token"; got != want {
 			t.Errorf("c.GetEnv(BUILDKITE_AGENT_ACCESS_TOKEN) = %q, want %q", got, want)
 		}
 		c.Exit(0)
@@ -319,6 +323,7 @@ func TestJobRunnerIgnoresPipelineChangesToProtectedVars(t *testing.T) {
 			"BUILDKITE_COMMAND":      "echo hello world",
 			"BUILDKITE_COMMAND_EVAL": "false",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	mb := mockBootstrap(t)

diff --git a/agent/integration/job_verification_integration_test.go b/agent/integration/job_verification_integration_test.go
@@ -46,6 +46,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "1", // step env overrides pipeline env
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithNoPluginConfig = api.Job{
@@ -67,6 +68,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "1", // step env overrides pipeline env
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithNoPlugins = api.Job{
@@ -82,6 +84,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithNullPlugins = api.Job{
@@ -97,6 +100,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithMismatchedStepAndJob = api.Job{
@@ -110,6 +114,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithMismatchedPlugins = api.Job{
@@ -130,6 +135,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithMissingPlugins = api.Job{
@@ -150,6 +156,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithMismatchedEnv = api.Job{
@@ -163,6 +170,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "crimes",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithStepEnvButNoCorrespondingJobEnv = api.Job{
@@ -177,6 +185,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithPipelineEnvButNoCorrespondingJobEnv = api.Job{
@@ -189,6 +198,7 @@ var (
 			"BUILDKITE_COMMAND": "echo hello world",
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithMatrix = api.Job{
@@ -206,6 +216,7 @@ var (
 			"greeting": "hello",
 			"object":   "world",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithInvalidMatrixPermutation = api.Job{
@@ -223,6 +234,7 @@ var (
 			"greeting": "goodbye",
 			"object":   "mister anderson",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithMatrixMismatch = api.Job{
@@ -240,6 +252,7 @@ var (
 			"greeting": "hello",
 			"object":   "world",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithPipelineInvariantsInEnv = api.Job{
@@ -253,6 +266,7 @@ var (
 			"BUILDKITE_REPO":    defaultRepositoryURL,
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 
 	jobWithInvalidPipelineInvariantsInEnv = api.Job{
@@ -266,6 +280,7 @@ var (
 			"BUILDKITE_REPO":    "https://github.com/haxors/agent.git",
 			"DEPLOY":            "0",
 		},
+		Token: "bkaj_job-token",
 	}
 )
 

diff --git a/agent/integration/test_helpers.go b/agent/integration/test_helpers.go
@@ -229,6 +229,15 @@ func (t *testAgentEndpoint) server(extraRoutes ...route) *httptest.Server {
 			t.calls[req.URL.Path] = append(t.calls[req.URL.Path], b)
 			t.mtx.Unlock()
 
+			// We also require job tokens are used for authentication
+			authzHeader := req.Header.Get("Authorization")
+			if !strings.HasPrefix(authzHeader, "Token bkaj_") {
+				msg := fmt.Sprintf("Authorization header = %q, want job token prefix 'Token bkaj_'", authzHeader)
+				fmt.Fprintln(os.Stderr, msg)
+				http.Error(rw, msg, http.StatusUnauthorized)
+				return
+			}
+
 			next.ServeHTTP(rw, req)
 		})
 	}

diff --git a/agent/job_runner.go b/agent/job_runner.go
@@ -179,7 +179,6 @@ func NewJobRunner(ctx context.Context, l logger.Logger, apiClient APIClient, con
 		agentLogger: l,
 		conf:        conf,
 		apiClient:   apiClient,
-		client:      &core.Client{APIClient: apiClient, Logger: l},
 	}
 
 	var err error
@@ -199,6 +198,7 @@ func NewJobRunner(ctx context.Context, l logger.Logger, apiClient APIClient, con
 		clientConf.Token = r.conf.Job.Token
 		r.apiClient = api.NewClient(r.agentLogger, clientConf)
 	}
+	r.client = &core.Client{APIClient: r.apiClient, Logger: l}
 
 	// Create our header times struct
 	r.headerTimesStreamer = newHeaderTimesStreamer(r.agentLogger, r.onUploadHeaderTime)

diff --git a/api/client.go b/api/client.go
@@ -11,7 +11,9 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/http/httptrace"
 	"net/http/httputil"
+	"net/textproto"
 	"net/url"
 	"reflect"
 	"strconv"
@@ -45,6 +47,9 @@ type Config struct {
 	// If true, requests and responses will be dumped and set to the logger
 	DebugHTTP bool
 
+	// If true timings for each request will be logged
+	TraceHTTP bool
+
 	// The http client used, leave nil for the default
 	HTTPClient *http.Client
 
@@ -253,12 +258,22 @@ func (c *Client) doRequest(req *http.Request, v any) (*Response, error) {
 		}
 	}
 
+	tracer := &tracer{Logger: c.logger}
+	if c.conf.TraceHTTP {
+		// Inject a custom http tracer
+		req = traceHTTPRequest(req, tracer)
+		tracer.Start()
+	}
+
 	ts := time.Now()
 
 	c.logger.Debug("%s %s", req.Method, req.URL)
 
 	resp, err := c.client.Do(req)
 	if err != nil {
+		if c.conf.TraceHTTP {
+			tracer.EmitTraceToLog(logger.ERROR)
+		}
 		return nil, err
 	}
 
@@ -282,6 +297,10 @@ func (c *Client) doRequest(req *http.Request, v any) (*Response, error) {
 		}
 	}
 
+	if c.conf.TraceHTTP {
+		tracer.EmitTraceToLog(logger.DEBUG)
+	}
+
 	err = checkResponse(resp)
 	if err != nil {
 		// even though there was an error, we still return the response
@@ -306,6 +325,105 @@ func (c *Client) doRequest(req *http.Request, v any) (*Response, error) {
 	return response, err
 }
 
+type traceEvent struct {
+	event string
+	since time.Duration
+}
+
+type tracer struct {
+	startTime time.Time
+	logger.Logger
+}
+
+func (t *tracer) Start() {
+	t.startTime = time.Now()
+}
+
+func (t *tracer) LogTiming(event string) {
+	t.Logger = t.Logger.WithFields(logger.DurationField(event, time.Since(t.startTime)))
+}
+
+func (t *tracer) LogField(key, value string) {
+	t.Logger = t.Logger.WithFields(logger.StringField(key, value))
+}
+
+func (t *tracer) LogDuration(event string, d time.Duration) {
+	t.Logger = t.Logger.WithFields(logger.DurationField(event, d))
+}
+
+// Currently logger.Logger doesn't give us a way to set the level we want to emit logs at dynamically
+func (t *tracer) EmitTraceToLog(level logger.Level) {
+	msg := "HTTP Timing Trace"
+	switch level {
+	case logger.DEBUG:
+		t.Debug(msg)
+	case logger.INFO:
+		t.Info(msg)
+	case logger.WARN:
+		t.Warn(msg)
+	case logger.ERROR:
+		t.Error(msg)
+	}
+}
+
+func traceHTTPRequest(req *http.Request, t *tracer) *http.Request {
+	trace := &httptrace.ClientTrace{
+		GetConn: func(hostPort string) {
+			t.LogField("hostPort", hostPort)
+			t.LogTiming("getConn")
+		},
+		GotConn: func(info httptrace.GotConnInfo) {
+			t.LogTiming("gotConn")
+			t.LogField("reused", strconv.FormatBool(info.Reused))
+			t.LogField("idle", strconv.FormatBool(info.WasIdle))
+			t.LogDuration("idleTime", info.IdleTime)
+		},
+		PutIdleConn: func(err error) {
+			t.LogTiming("putIdleConn")
+			if err != nil {
+				t.LogField("putIdleConnectionError", err.Error())
+			}
+		},
+		GotFirstResponseByte: func() {
+			t.LogTiming("gotFirstResponseByte")
+		},
+		Got1xxResponse: func(code int, header textproto.MIMEHeader) error {
+			t.LogTiming("got1xxResponse")
+			return nil
+		},
+		DNSStart: func(_ httptrace.DNSStartInfo) {
+			t.LogTiming("dnsStart")
+		},
+		DNSDone: func(_ httptrace.DNSDoneInfo) {
+			t.LogTiming("dnsDone")
+		},
+		ConnectStart: func(network, addr string) {
+			t.LogTiming(fmt.Sprintf("connectStart.%s.%s", network, addr))
+		},
+		ConnectDone: func(network, addr string, _ error) {
+			t.LogTiming(fmt.Sprintf("connectDone.%s.%s", network, addr))
+		},
+		TLSHandshakeStart: func() {
+			t.LogTiming("tlsHandshakeStart")
+		},
+		TLSHandshakeDone: func(_ tls.ConnectionState, _ error) {
+			t.LogTiming("tlsHandshakeDone")
+		},
+		WroteHeaders: func() {
+			t.LogTiming("wroteHeaders")
+		},
+		WroteRequest: func(_ httptrace.WroteRequestInfo) {
+			t.LogTiming("wroteRequest")
+		},
+	}
+
+	req = req.WithContext(httptrace.WithClientTrace(req.Context(), trace))
+
+	t.LogField("uri", req.URL.String())
+	t.LogField("method", req.Method)
+	return req
+}
+
 // ErrorResponse provides a message.
 type ErrorResponse struct {
 	Response *http.Response // HTTP response that caused this error
-Original file line number
+Diff line change
@@ Expand Up @@
     				Paths: []string{"foo", "bar"},
     			},
     		},
+    		Token: "bkaj_job-token",
     	}
     	mb := mockBootstrap(t)
@@ Expand Down @@