Merge pull request cli#99 from github/runcommand

Alan Donovan · web-flow · commit c0fbb7e9fbf6 · 2021-08-31T17:30:00.000-04:00
preparatory cleanups to ssh tunnel/port forwarding code
diff --git a/cmd/ghcs/logs.go b/cmd/ghcs/logs.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"bufio"
 	"context"
 	"fmt"
 	"os"
@@ -24,7 +23,7 @@ func newLogsCmd() *cobra.Command {
 			if len(args) > 0 {
 				codespaceName = args[0]
 			}
-			return logs(tail, codespaceName)
+			return logs(context.Background(), tail, codespaceName)
 		},
 	}
 
@@ -37,9 +36,12 @@ func init() {
 	rootCmd.AddCommand(newLogsCmd())
 }
 
-func logs(tail bool, codespaceName string) error {
+func logs(ctx context.Context, tail bool, codespaceName string) error {
+	// Ensure all child tasks (port forwarding, remote exec) terminate before return.
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
 	apiClient := api.New(os.Getenv("GITHUB_TOKEN"))
-	ctx := context.Background()
 	log := output.NewLogger(os.Stdout, os.Stderr, false)
 
 	user, err := apiClient.GetUser(ctx)
@@ -57,12 +59,17 @@ func logs(tail bool, codespaceName string) error {
 		return fmt.Errorf("connecting to Live Share: %v", err)
 	}
 
+	localSSHPort, err := codespaces.UnusedPort()
+	if err != nil {
+		return err
+	}
+
 	remoteSSHServerPort, sshUser, err := codespaces.StartSSHServer(ctx, lsclient, log)
 	if err != nil {
 		return fmt.Errorf("error getting ssh server details: %v", err)
 	}
 
-	tunnelPort, connClosed, err := codespaces.MakeSSHTunnel(ctx, lsclient, 0, remoteSSHServerPort)
+	tunnel, err := codespaces.NewPortForwarder(ctx, lsclient, "sshd", localSSHPort, remoteSSHServerPort)
 	if err != nil {
 		return fmt.Errorf("make ssh tunnel: %v", err)
 	}
@@ -73,42 +80,30 @@ func logs(tail bool, codespaceName string) error {
 	}
 
 	dst := fmt.Sprintf("%s@localhost", sshUser)
-	stdout, err := codespaces.RunCommand(
-		ctx, tunnelPort, dst, fmt.Sprintf("%v /workspaces/.codespaces/.persistedshare/creation.log", cmdType),
+	cmd := codespaces.NewRemoteCommand(
+		ctx, localSSHPort, dst, fmt.Sprintf("%s /workspaces/.codespaces/.persistedshare/creation.log", cmdType),
 	)
-	if err != nil {
-		return fmt.Errorf("run command: %v", err)
-	}
 
-	done := make(chan error)
-	go func() {
-		scanner := bufio.NewScanner(stdout)
-		for scanner.Scan() {
-			fmt.Println(scanner.Text())
-		}
+	// Error channels are buffered so that neither sending goroutine gets stuck.
 
-		if err := scanner.Err(); err != nil {
-			done <- fmt.Errorf("error scanning: %v", err)
-			return
-		}
+	tunnelClosed := make(chan error, 1)
+	go func() {
+		tunnelClosed <- tunnel.Start(ctx) // error is non-nil
+	}()
 
-		if err := stdout.Close(); err != nil {
-			done <- fmt.Errorf("close stdout: %v", err)
-			return
-		}
-		done <- nil
+	cmdDone := make(chan error, 1)
+	go func() {
+		cmdDone <- cmd.Run()
 	}()
 
 	select {
-	case err := <-connClosed:
-		if err != nil {
-			return fmt.Errorf("connection closed: %v", err)
-		}
-	case err := <-done:
+	case err := <-tunnelClosed:
+		return fmt.Errorf("connection closed: %v", err)
+
+	case err := <-cmdDone:
 		if err != nil {
-			return err
+			return fmt.Errorf("error retrieving logs: %v", err)
 		}
+		return nil // success
 	}
-
-	return nil
 }
diff --git a/cmd/ghcs/ssh.go b/cmd/ghcs/ssh.go
@@ -23,7 +23,7 @@ func newSSHCmd() *cobra.Command {
 		Short: "SSH into a Codespace",
 		Args:  cobra.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return ssh(sshProfile, codespaceName, sshServerPort)
+			return ssh(context.Background(), sshProfile, codespaceName, sshServerPort)
 		},
 	}
 
@@ -38,9 +38,12 @@ func init() {
 	rootCmd.AddCommand(newSSHCmd())
 }
 
-func ssh(sshProfile, codespaceName string, sshServerPort int) error {
+func ssh(ctx context.Context, sshProfile, codespaceName string, localSSHServerPort int) error {
+	// Ensure all child tasks (e.g. port forwarding) terminate before return.
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
 	apiClient := api.New(os.Getenv("GITHUB_TOKEN"))
-	ctx := context.Background()
 	log := output.NewLogger(os.Stdout, os.Stderr, false)
 
 	user, err := apiClient.GetUser(ctx)
@@ -81,7 +84,16 @@ func ssh(sshProfile, codespaceName string, sshServerPort int) error {
 	}
 	log.Print("\n")
 
-	tunnelPort, tunnelClosed, err := codespaces.MakeSSHTunnel(ctx, lsclient, sshServerPort, remoteSSHServerPort)
+	usingCustomPort := true
+	if localSSHServerPort == 0 {
+		usingCustomPort = false // suppress log of command line in Shell
+		localSSHServerPort, err = codespaces.UnusedPort()
+		if err != nil {
+			return err
+		}
+	}
+
+	tunnel, err := codespaces.NewPortForwarder(ctx, lsclient, "sshd", localSSHServerPort, remoteSSHServerPort)
 	if err != nil {
 		return fmt.Errorf("make ssh tunnel: %v", err)
 	}
@@ -91,22 +103,27 @@ func ssh(sshProfile, codespaceName string, sshServerPort int) error {
 		connectDestination = fmt.Sprintf("%s@localhost", sshUser)
 	}
 
-	usingCustomPort := tunnelPort == sshServerPort
-	connClosed := codespaces.ConnectToTunnel(ctx, log, tunnelPort, connectDestination, usingCustomPort)
+	tunnelClosed := make(chan error)
+	go func() {
+		tunnelClosed <- tunnel.Start(ctx) // error is always non-nil
+	}()
+
+	shellClosed := make(chan error)
+	go func() {
+		shellClosed <- codespaces.Shell(ctx, log, localSSHServerPort, connectDestination, usingCustomPort)
+	}()
 
 	log.Println("Ready...")
 	select {
 	case err := <-tunnelClosed:
+		return fmt.Errorf("tunnel closed: %v", err)
+
+	case err := <-shellClosed:
 		if err != nil {
-			return fmt.Errorf("tunnel closed: %v", err)
-		}
-	case err := <-connClosed:
-		if err != nil {
-			return fmt.Errorf("connection closed: %v", err)
+			return fmt.Errorf("shell closed: %v", err)
 		}
+		return nil // success
 	}
-
-	return nil
 }
 
 func getContainerID(ctx context.Context, logger *output.Logger, terminal *liveshare.Terminal) (string, error) {
diff --git a/internal/codespaces/ssh.go b/internal/codespaces/ssh.go
@@ -4,45 +4,54 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io"
-	"math/rand"
+	"net"
 	"os"
 	"os/exec"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/github/go-liveshare"
 )
 
-func MakeSSHTunnel(ctx context.Context, lsclient *liveshare.Client, localSSHPort int, remoteSSHPort int) (int, <-chan error, error) {
-	tunnelClosed := make(chan error)
+// UnusedPort returns the number of a local TCP port that is currently
+// unbound, or an error if none was available.
+//
+// Use of this function carries an inherent risk of a time-of-check to
+// time-of-use race against other processes.
+func UnusedPort() (int, error) {
+	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
+	if err != nil {
+		return 0, fmt.Errorf("internal error while choosing port: %v", err)
+	}
 
-	server, err := liveshare.NewServer(lsclient)
+	l, err := net.ListenTCP("tcp", addr)
 	if err != nil {
-		return 0, nil, fmt.Errorf("new Live Share server: %v", err)
+		return 0, fmt.Errorf("choosing available port: %v", err)
 	}
+	defer l.Close()
+	return l.Addr().(*net.TCPAddr).Port, nil
+}
 
-	rand.Seed(time.Now().Unix())
-	port := rand.Intn(9999-2000) + 2000 // improve this obviously
-	if localSSHPort != 0 {
-		port = localSSHPort
+// NewPortForwarder returns a new port forwarder for traffic between
+// the Live Share client and the specified local and remote ports.
+//
+// The session name is used (along with the port) to generate
+// names for streams, and may appear in error messages.
+func NewPortForwarder(ctx context.Context, client *liveshare.Client, sessionName string, localSSHPort, remoteSSHPort int) (*liveshare.PortForwarder, error) {
+	if localSSHPort == 0 {
+		return nil, fmt.Errorf("a local port must be provided")
 	}
 
-	if err := server.StartSharing(ctx, "sshd", remoteSSHPort); err != nil {
-		return 0, nil, fmt.Errorf("sharing sshd port: %v", err)
+	server, err := liveshare.NewServer(client)
+	if err != nil {
+		return nil, fmt.Errorf("new liveshare server: %v", err)
 	}
 
-	go func() {
-		portForwarder := liveshare.NewPortForwarder(lsclient, server, port)
-		if err := portForwarder.Start(ctx); err != nil {
-			tunnelClosed <- fmt.Errorf("forwarding port: %v", err)
-			return
-		}
-		tunnelClosed <- nil
-	}()
+	if err := server.StartSharing(ctx, "sshd", remoteSSHPort); err != nil {
+		return nil, fmt.Errorf("sharing sshd port: %v", err)
+	}
 
-	return port, tunnelClosed, nil
+	return liveshare.NewPortForwarder(client, server, localSSHPort), nil
 }
 
 // StartSSHServer installs (if necessary) and starts the SSH in the codespace.
@@ -72,72 +81,41 @@ func StartSSHServer(ctx context.Context, client *liveshare.Client, log logger) (
 	return portInt, sshServerStartResult.User, nil
 }
 
-func makeSSHArgs(port int, dst, cmd string) ([]string, []string) {
-	connArgs := []string{"-p", strconv.Itoa(port), "-o", "NoHostAuthenticationForLocalhost=yes"}
-	cmdArgs := append([]string{dst, "-X", "-Y", "-C"}, connArgs...) // X11, X11Trust, Compression
-
-	if cmd != "" {
-		cmdArgs = append(cmdArgs, cmd)
-	}
-
-	return cmdArgs, connArgs
-}
-
-func ConnectToTunnel(ctx context.Context, log logger, port int, destination string, usingCustomPort bool) <-chan error {
-	connClosed := make(chan error)
-	args, connArgs := makeSSHArgs(port, destination, "")
+// Shell runs an interactive secure shell over an existing
+// port-forwarding session. It runs until the shell is terminated
+// (including by cancellation of the context).
+func Shell(ctx context.Context, log logger, port int, destination string, usingCustomPort bool) error {
+	cmd, connArgs := newSSHCommand(ctx, port, destination, "")
 
 	if usingCustomPort {
 		log.Println("Connection Details: ssh " + destination + " " + strings.Join(connArgs, " "))
 	}
 
-	cmd := exec.CommandContext(ctx, "ssh", args...)
-	cmd.Stdout = os.Stdout
-	cmd.Stdin = os.Stdin
-	cmd.Stderr = os.Stderr
-
-	go func() {
-		connClosed <- cmd.Run()
-	}()
-
-	return connClosed
-}
-
-type command struct {
-	Cmd        *exec.Cmd
-	StdoutPipe io.ReadCloser
+	return cmd.Run()
 }
 
-func newCommand(cmd *exec.Cmd) (*command, error) {
-	stdoutPipe, err := cmd.StdoutPipe()
-	if err != nil {
-		return nil, fmt.Errorf("create stdout pipe: %v", err)
-	}
-
-	if err := cmd.Start(); err != nil {
-		return nil, fmt.Errorf("cmd start: %v", err)
-	}
-
-	return &command{
-		Cmd:        cmd,
-		StdoutPipe: stdoutPipe,
-	}, nil
+// NewRemoteCommand returns an exec.Cmd that will securely run a shell
+// command on the remote machine.
+func NewRemoteCommand(ctx context.Context, tunnelPort int, destination, command string) *exec.Cmd {
+	cmd, _ := newSSHCommand(ctx, tunnelPort, destination, command)
+	return cmd
 }
 
-func (c *command) Read(p []byte) (int, error) {
-	return c.StdoutPipe.Read(p)
-}
+// newSSHCommand populates an exec.Cmd to run a command (or if blank,
+// an interactive shell) over ssh.
+func newSSHCommand(ctx context.Context, port int, dst, command string) (*exec.Cmd, []string) {
+	connArgs := []string{"-p", strconv.Itoa(port), "-o", "NoHostAuthenticationForLocalhost=yes"}
+	// TODO(adonovan): eliminate X11 and X11Trust flags where unneeded.
+	cmdArgs := append([]string{dst, "-X", "-Y", "-C"}, connArgs...) // X11, X11Trust, Compression
 
-func (c *command) Close() error {
-	if err := c.StdoutPipe.Close(); err != nil {
-		return fmt.Errorf("close stdout: %v", err)
+	if command != "" {
+		cmdArgs = append(cmdArgs, command)
 	}
 
-	return c.Cmd.Wait()
-}
+	cmd := exec.CommandContext(ctx, "ssh", cmdArgs...)
+	cmd.Stdout = os.Stdout
+	cmd.Stdin = os.Stdin
+	cmd.Stderr = os.Stderr
 
-func RunCommand(ctx context.Context, tunnelPort int, destination, cmdString string) (io.ReadCloser, error) {
-	args, _ := makeSSHArgs(tunnelPort, destination, cmdString)
-	cmd := exec.CommandContext(ctx, "ssh", args...)
-	return newCommand(cmd)
+	return cmd, connArgs
 }
diff --git a/internal/codespaces/states.go b/internal/codespaces/states.go
