Skip to content

Commit c8252b4

Browse files
zedkippzedkipp
committed
refactor(agent): use CLI flag for boundary log socket path
Add --boundary-log-socket flag (env: CODER_AGENT_BOUNDARY_LOG_SOCKET) to configure the boundary audit log socket path. The agent starts the proxy server in init() if configured. This replaces reading the socket path from manifest.EnvironmentVariables, making configuration consistent with other agent flags.
1 parent 0860ba7 commit c8252b4

File tree

2 files changed

+22
-11
lines changed

2 files changed

+22
-11
lines changed

agent/agent.go

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ type Options struct {
101101
Clock quartz.Clock
102102
SocketServerEnabled bool
103103
SocketPath string // Path for the agent socket server socket
104+
BoundaryLogSocket string // Path for the boundary audit log socket
104105
}
105106

106107
type Client interface {
@@ -208,6 +209,7 @@ func New(options Options) Agent {
208209
containerAPIOptions: options.DevcontainerAPIOptions,
209210
socketPath: options.SocketPath,
210211
socketServerEnabled: options.SocketServerEnabled,
212+
boundaryLogSocket: options.BoundaryLogSocket,
211213
}
212214
// Initially, we have a closed channel, reflecting the fact that we are not initially connected.
213215
// Each time we connect we replace the channel (while holding the closeMutex) with a new one
@@ -291,6 +293,7 @@ type agent struct {
291293
socketServerEnabled bool
292294
socketPath string
293295
socketServer *agentsocket.Server
296+
boundaryLogSocket string
294297
}
295298

296299
func (a *agent) TailnetConn() *tailnet.Conn {
@@ -372,6 +375,7 @@ func (a *agent) init() {
372375
)
373376

374377
a.initSocketServer()
378+
a.startBoundaryLogProxyServer()
375379

376380
go a.runLoop()
377381
}
@@ -396,19 +400,23 @@ func (a *agent) initSocketServer() {
396400
a.logger.Debug(a.hardCtx, "socket server started", slog.F("path", a.socketPath))
397401
}
398402

399-
// startBoundaryLogProxyServer starts the boundary log proxy socket server.
400-
// The socket path is configured via CODER_BOUNDARY_LOG_SOCKET in the workspace
401-
// template so both the agent and boundary can use the same path.
402-
func (a *agent) startBoundaryLogProxyServer(socketPath string) {
403-
proxy := boundarylogproxy.NewServer(a.logger, socketPath)
403+
// startBoundaryLogProxyServer starts the boundary log proxy socket server if
404+
// configured via the --boundary-log-socket flag or CODER_AGENT_BOUNDARY_LOG_SOCKET
405+
// env var.
406+
func (a *agent) startBoundaryLogProxyServer() {
407+
if a.boundaryLogSocket == "" {
408+
return
409+
}
410+
411+
proxy := boundarylogproxy.NewServer(a.logger, a.boundaryLogSocket)
404412
if err := proxy.Start(a.hardCtx); err != nil {
405413
a.logger.Warn(a.hardCtx, "failed to start boundary log proxy", slog.Error(err))
406414
return
407415
}
408416

409417
a.boundaryLogProxy = proxy
410418
a.logger.Info(a.hardCtx, "boundary log proxy server started",
411-
slog.F("socket_path", socketPath))
419+
slog.F("socket_path", a.boundaryLogSocket))
412420
}
413421

414422
// forwardBoundaryLogs forwards buffered boundary audit logs to coderd.
@@ -1212,11 +1220,6 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context,
12121220

12131221
// The startup script should only execute on the first run!
12141222
if oldManifest == nil {
1215-
// Start boundary log proxy if configured via CODER_BOUNDARY_LOG_SOCKET.
1216-
if socketPath := manifest.EnvironmentVariables["CODER_BOUNDARY_LOG_SOCKET"]; socketPath != "" {
1217-
a.startBoundaryLogProxyServer(socketPath)
1218-
}
1219-
12201223
a.setLifecycle(codersdk.WorkspaceAgentLifecycleStarting)
12211224

12221225
// Perform overrides early so that Git auth can work even if users

cli/agent.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,7 @@ func workspaceAgent() *serpent.Command {
5959
devcontainerDiscoveryAutostart bool
6060
socketServerEnabled bool
6161
socketPath string
62+
boundaryLogSocket string
6263
)
6364
agentAuth := &AgentAuth{}
6465
cmd := &serpent.Command{
@@ -321,6 +322,7 @@ func workspaceAgent() *serpent.Command {
321322
},
322323
SocketPath: socketPath,
323324
SocketServerEnabled: socketServerEnabled,
325+
BoundaryLogSocket: boundaryLogSocket,
324326
})
325327

326328
if debugAddress != "" {
@@ -494,6 +496,12 @@ func workspaceAgent() *serpent.Command {
494496
Description: "Specify the path for the agent socket.",
495497
Value: serpent.StringOf(&socketPath),
496498
},
499+
{
500+
Flag: "boundary-log-socket",
501+
Env: "CODER_AGENT_BOUNDARY_LOG_SOCKET",
502+
Description: "Path to the boundary audit log socket. If set, the agent listens for boundary logs on this socket and forwards them to coderd.",
503+
Value: serpent.StringOf(&boundaryLogSocket),
504+
},
497505
}
498506
agentAuth.AttachOptions(cmd, false)
499507
return cmd

0 commit comments

Comments
 (0)