Implement immediate schedule support

hugoShaka · hugoShaka · commit dd7910741cd8 · 2024-10-24T17:35:10.000-04:00
diff --git a/api/client/webclient/webclient.go b/api/client/webclient/webclient.go
@@ -336,6 +336,12 @@ type AutoUpdateSettings struct {
 	ToolsVersion string `json:"tools_version"`
 	// ToolsMode defines mode client auto update feature `enabled|disabled`.
 	ToolsMode string `json:"tools_mode"`
+	// AgentVersion defines the version of teleport that agents enrolled into autoupdates should run.
+	AgentVersion string `json:"agent_version"`
+	// AgentAutoUpdate indicates if the requesting agent should attempt to update now.
+	AgentAutoUpdate bool `json:"agent_auto_update"`
+	// AgentUpdateJitterSeconds defines the jitter time an agent should wait before updating.
+	AgentUpdateJitterSeconds int `json:"agent_update_jitter_seconds"`
 }
 
 // KubeProxySettings is kubernetes proxy settings
diff --git a/api/types/autoupdate/rollout_test.go b/api/types/autoupdate/rollout_test.go
@@ -41,7 +41,7 @@ func TestNewAutoUpdateAgentRollout(t *testing.T) {
 			spec: &autoupdate.AutoUpdateAgentRolloutSpec{
 				StartVersion:   "1.2.3",
 				TargetVersion:  "2.3.4-dev",
-				Schedule:       AgentsScheduleRegular,
+				Schedule:       AgentsScheduleImmediate,
 				AutoupdateMode: AgentsUpdateModeEnabled,
 				Strategy:       AgentsStrategyHaltOnError,
 			},
@@ -57,7 +57,7 @@ func TestNewAutoUpdateAgentRollout(t *testing.T) {
 				Spec: &autoupdate.AutoUpdateAgentRolloutSpec{
 					StartVersion:   "1.2.3",
 					TargetVersion:  "2.3.4-dev",
-					Schedule:       AgentsScheduleRegular,
+					Schedule:       AgentsScheduleImmediate,
 					AutoupdateMode: AgentsUpdateModeEnabled,
 					Strategy:       AgentsStrategyHaltOnError,
 				},
@@ -74,7 +74,7 @@ func TestNewAutoUpdateAgentRollout(t *testing.T) {
 			name: "missing start version",
 			spec: &autoupdate.AutoUpdateAgentRolloutSpec{
 				TargetVersion:  "2.3.4-dev",
-				Schedule:       AgentsScheduleRegular,
+				Schedule:       AgentsScheduleImmediate,
 				AutoupdateMode: AgentsUpdateModeEnabled,
 				Strategy:       AgentsStrategyHaltOnError,
 			},
@@ -87,7 +87,7 @@ func TestNewAutoUpdateAgentRollout(t *testing.T) {
 			spec: &autoupdate.AutoUpdateAgentRolloutSpec{
 				StartVersion:   "1.2.3",
 				TargetVersion:  "2-3-4",
-				Schedule:       AgentsScheduleRegular,
+				Schedule:       AgentsScheduleImmediate,
 				AutoupdateMode: AgentsUpdateModeEnabled,
 				Strategy:       AgentsStrategyHaltOnError,
 			},
@@ -100,7 +100,7 @@ func TestNewAutoUpdateAgentRollout(t *testing.T) {
 			spec: &autoupdate.AutoUpdateAgentRolloutSpec{
 				StartVersion:   "1.2.3",
 				TargetVersion:  "2.3.4-dev",
-				Schedule:       AgentsScheduleRegular,
+				Schedule:       AgentsScheduleImmediate,
 				AutoupdateMode: "invalid-mode",
 				Strategy:       AgentsStrategyHaltOnError,
 			},
@@ -126,7 +126,7 @@ func TestNewAutoUpdateAgentRollout(t *testing.T) {
 			spec: &autoupdate.AutoUpdateAgentRolloutSpec{
 				StartVersion:   "1.2.3",
 				TargetVersion:  "2.3.4-dev",
-				Schedule:       AgentsScheduleRegular,
+				Schedule:       AgentsScheduleImmediate,
 				AutoupdateMode: AgentsUpdateModeEnabled,
 				Strategy:       "invalid-strategy",
 			},
diff --git a/api/types/autoupdate/utils.go b/api/types/autoupdate/utils.go
@@ -51,8 +51,10 @@ func checkToolsMode(mode string) error {
 
 func checkScheduleName(schedule string) error {
 	switch schedule {
-	case AgentsScheduleRegular, AgentsScheduleImmediate:
+	case AgentsScheduleImmediate:
 		return nil
+	case AgentsScheduleRegular:
+		return trace.BadParameter("regular schedule is not implemented yet")
 	default:
 		return trace.BadParameter("unsupported schedule type: %q", schedule)
 	}
diff --git a/api/types/autoupdate/version_test.go b/api/types/autoupdate/version_test.go
@@ -94,7 +94,7 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 				Agents: &autoupdate.AutoUpdateVersionSpecAgents{
 					StartVersion:  "1.2.3-dev.1",
 					TargetVersion: "1.2.3-dev.2",
-					Schedule:      AgentsScheduleRegular,
+					Schedule:      AgentsScheduleImmediate,
 					Mode:          AgentsUpdateModeEnabled,
 				},
 			},
@@ -111,7 +111,7 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 					Agents: &autoupdate.AutoUpdateVersionSpecAgents{
 						StartVersion:  "1.2.3-dev.1",
 						TargetVersion: "1.2.3-dev.2",
-						Schedule:      AgentsScheduleRegular,
+						Schedule:      AgentsScheduleImmediate,
 						Mode:          AgentsUpdateModeEnabled,
 					},
 				},
@@ -124,7 +124,7 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 					StartVersion:  "",
 					TargetVersion: "1.2.3",
 					Mode:          AgentsUpdateModeEnabled,
-					Schedule:      AgentsScheduleRegular,
+					Schedule:      AgentsScheduleImmediate,
 				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
@@ -138,7 +138,7 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 					StartVersion:  "1.2.3-dev",
 					TargetVersion: "",
 					Mode:          AgentsUpdateModeEnabled,
-					Schedule:      AgentsScheduleRegular,
+					Schedule:      AgentsScheduleImmediate,
 				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
@@ -152,7 +152,7 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 					StartVersion:  "17-0-0",
 					TargetVersion: "1.2.3",
 					Mode:          AgentsUpdateModeEnabled,
-					Schedule:      AgentsScheduleRegular,
+					Schedule:      AgentsScheduleImmediate,
 				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
@@ -166,7 +166,7 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 					StartVersion:  "1.2.3",
 					TargetVersion: "17-0-0",
 					Mode:          AgentsUpdateModeEnabled,
-					Schedule:      AgentsScheduleRegular,
+					Schedule:      AgentsScheduleImmediate,
 				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
@@ -65,6 +65,7 @@ import (
 	"github.com/gravitational/teleport/api/client/webclient"
 	"github.com/gravitational/teleport/api/constants"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
+	autoupdatepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
 	mfav1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1"
 	notificationsv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/notifications/v1"
 	"github.com/gravitational/teleport/api/mfa"
@@ -130,6 +131,8 @@ const (
 	// DefaultFeatureWatchInterval is the default time in which the feature watcher
 	// should ping the auth server to check for updated features
 	DefaultFeatureWatchInterval = time.Minute * 5
+	// DefaultAgentUpdateJitterSeconds is the default jitter agents should wait before updating.
+	DefaultAgentUpdateJitterSeconds = 60
 )
 
 // healthCheckAppServerFunc defines a function used to perform a health check
@@ -1547,27 +1550,19 @@ func (h *Handler) find(w http.ResponseWriter, r *http.Request, p httprouter.Para
 	if err != nil && !trace.IsNotFound(err) && !trace.IsNotImplemented(err) {
 		h.logger.ErrorContext(r.Context(), "failed to receive AutoUpdateConfig", "error", err)
 	}
-	// If we can't get the AU config or tools AU are not configured, we default to "disabled".
-	// This ensures we fail open and don't accidentally update agents if something is going wrong.
-	// If we want to enable AUs by default, it would be better to create a default "autoupdate_config" resource
-	// than changing this logic.
-	if autoUpdateConfig.GetSpec().GetTools() == nil {
-		response.AutoUpdate.ToolsMode = autoupdate.ToolsUpdateModeDisabled
-	} else {
-		response.AutoUpdate.ToolsMode = autoUpdateConfig.GetSpec().GetTools().GetMode()
-	}
 
 	autoUpdateVersion, err := h.cfg.AccessPoint.GetAutoUpdateVersion(r.Context())
 	// TODO(vapopov) DELETE IN v18.0.0 check of IsNotImplemented, must be backported to all latest supported versions.
 	if err != nil && !trace.IsNotFound(err) && !trace.IsNotImplemented(err) {
 		h.logger.ErrorContext(r.Context(), "failed to receive AutoUpdateVersion", "error", err)
 	}
-	// If we can't get the AU version or tools AU version is not specified, we default to the current proxy version.
-	// This ensures we always advertise a version compatible with the cluster.
-	if autoUpdateVersion.GetSpec().GetTools() == nil {
-		response.AutoUpdate.ToolsVersion = api.Version
-	} else {
-		response.AutoUpdate.ToolsVersion = autoUpdateVersion.GetSpec().GetTools().GetTargetVersion()
+
+	response.AutoUpdate = webclient.AutoUpdateSettings{
+		ToolsMode:                getToolsMode(autoUpdateConfig),
+		ToolsVersion:             getToolsVersion(autoUpdateVersion),
+		AgentUpdateJitterSeconds: DefaultAgentUpdateJitterSeconds,
+		AgentVersion:             getAgentVersion(autoUpdateVersion),
+		AgentAutoUpdate:          agentShouldUpdate(autoUpdateConfig, autoUpdateVersion),
 	}
 
 	return response, nil
@@ -5122,3 +5117,64 @@ func readEtagFromAppHash(fs http.FileSystem) (string, error) {
 
 	return etag, nil
 }
+
+func getToolsMode(config *autoupdatepb.AutoUpdateConfig) string {
+	// If we can't get the AU config or if AUs are not configured, we default to "disabled".
+	// This ensures we fail open and don't accidentally update agents if something is going wrong.
+	// If we want to enable AUs by default, it would be better to create a default "autoupdate_config" resource
+	// than changing this logic.
+	if config.GetSpec().GetTools() == nil {
+		return autoupdate.ToolsUpdateModeDisabled
+	}
+	return config.GetSpec().GetTools().GetMode()
+}
+
+func getToolsVersion(version *autoupdatepb.AutoUpdateVersion) string {
+	// If we can't get the AU version or tools AU version is not specified, we default to the current proxy version.
+	// This ensures we always advertise a version compatible with the cluster.
+	if version.GetSpec().GetTools() == nil {
+		return api.Version
+	}
+	return version.GetSpec().GetTools().GetTargetVersion()
+}
+
+func getAgentVersion(version *autoupdatepb.AutoUpdateVersion) string {
+	// If we can't get the AU version or tools AU version is not specified, we default to the current proxy version.
+	// This ensures we always advertise a version compatible with the cluster.
+	// TODO: read the version from the autoupdate_agent_rollout when the resource is implemented
+	if version.GetSpec().GetAgents() == nil {
+		return api.Version
+	}
+
+	return version.GetSpec().GetAgents().GetTargetVersion()
+}
+
+func agentShouldUpdate(config *autoupdatepb.AutoUpdateConfig, version *autoupdatepb.AutoUpdateVersion) bool {
+	// TODO: read the data from the autoupdate_agent_rollout when the resource is implemented
+
+	// If we can't get the AU config or if AUs are not configured, we default to "disabled".
+	// This ensures we fail open and don't accidentally update agents if something is going wrong.
+	// If we want to enable AUs by default, it would be better to create a default "autoupdate_config" resource
+	// than changing this logic.
+	if config.GetSpec().GetAgents() == nil {
+		return false
+	}
+	if version.GetSpec().GetAgents() == nil {
+		return false
+	}
+	configMode := config.GetSpec().GetAgents().GetMode()
+	versionMode := version.GetSpec().GetAgents().GetMode()
+
+	// We update only if both version and config agent modes are "enabled"
+	if configMode != autoupdate.AgentsUpdateModeEnabled || versionMode != autoupdate.AgentsUpdateModeEnabled {
+		return false
+	}
+
+	scheduleName := version.GetSpec().GetAgents().GetSchedule()
+	if scheduleName == autoupdate.AgentsScheduleImmediate {
+		return true
+	}
+
+	// TODO: add support for the regular schedule name as we implement groups and autoupdate_agent_rollout
+	return false
+}
diff --git a/lib/web/apiserver_ping_test.go b/lib/web/apiserver_ping_test.go
