Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore: explain GIT_ASKPASS behavior in docs #12784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Mar 28, 2024
Merged

chore: explain GIT_ASKPASS behavior in docs #12784

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f218dfb
chore: docs explaining GIT_ASKPASS behavior
Emyrk Mar 27, 2024
56048da
add warning if run from outside workspace
Emyrk Mar 27, 2024
838fb0f
Rephrase to focus on git not ASK_PASS
Emyrk Mar 27, 2024
d686bcf
make fmt
Emyrk Mar 27, 2024
8759807
fixup tests to insert an agent token
Emyrk Mar 27, 2024
836dc71
mention our extension
Emyrk Mar 27, 2024
cc351b8
Make fmt
Emyrk Mar 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions cli/externalauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,15 @@ package cli

import (
"encoding/json"
"fmt"

"golang.org/x/xerrors"

"github.com/tidwall/gjson"

"github.com/coder/coder/v2/cli/cliui"
"github.com/coder/coder/v2/codersdk/agentsdk"
"github.com/coder/pretty"
"github.com/coder/serpent"
)

Expand Down Expand Up @@ -68,6 +70,11 @@ fi
ctx, stop := inv.SignalNotifyContext(ctx, StopSignals...)
defer stop()

if r.agentToken == "" {
_, _ = fmt.Fprint(inv.Stderr, pretty.Sprintf(headLineStyle(), "No agent token found, this command must be run from inside a running workspace.\n"))
return xerrors.Errorf("agent token not found")
}

client, err := r.createAgentClient()
if err != nil {
return xerrors.Errorf("create agent client: %w", err)
Expand Down
8 changes: 4 additions & 4 deletions cli/externalauth_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ func TestExternalAuth(t *testing.T) {
}))
t.Cleanup(srv.Close)
url := srv.URL
inv, _ := clitest.New(t, "--agent-url", url, "external-auth", "access-token", "github")
inv, _ := clitest.New(t, "--agent-url", url, "--agent-token", "foo", "external-auth", "access-token", "github")
pty := ptytest.New(t)
inv.Stdout = pty.Output()
waiter := clitest.StartWithWaiter(t, inv)
Expand All @@ -40,7 +40,7 @@ func TestExternalAuth(t *testing.T) {
}))
t.Cleanup(srv.Close)
url := srv.URL
inv, _ := clitest.New(t, "--agent-url", url, "external-auth", "access-token", "github")
inv, _ := clitest.New(t, "--agent-url", url, "--agent-token", "foo", "external-auth", "access-token", "github")
pty := ptytest.New(t)
inv.Stdout = pty.Output()
clitest.Start(t, inv)
Expand All @@ -55,7 +55,7 @@ func TestExternalAuth(t *testing.T) {
}))
t.Cleanup(srv.Close)
url := srv.URL
inv, _ := clitest.New(t, "--agent-url", url, "external-auth", "access-token")
inv, _ := clitest.New(t, "--agent-url", url, "--agent-token", "foo", "external-auth", "access-token")
watier := clitest.StartWithWaiter(t, inv)
watier.RequireContains("wanted 1 args but got 0")
})
Expand All @@ -71,7 +71,7 @@ func TestExternalAuth(t *testing.T) {
}))
t.Cleanup(srv.Close)
url := srv.URL
inv, _ := clitest.New(t, "--agent-url", url, "external-auth", "access-token", "github", "--extra", "hey")
inv, _ := clitest.New(t, "--agent-url", url, "--agent-token", "foo", "external-auth", "access-token", "github", "--extra", "hey")
pty := ptytest.New(t)
inv.Stdout = pty.Output()
clitest.Start(t, inv)
Expand Down
42 changes: 40 additions & 2 deletions docs/admin/external-auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,8 +212,46 @@ you can require users authenticate via git prior to creating a workspace:

![Git authentication in template](../images/admin/git-auth-template.png)

The following example will require users authenticate via GitHub and auto-clone
a repo into the `~/coder` directory.
### Native git authentication will auto-refresh tokens

<blockquote class="info">
<p>
This is the preferred authentication method.
</p>
</blockquote>

By default, the coder agent will configure native `git` authentication via the
`GIT_ASKPASS` environment variable. Meaning, with no additional configuration,
external authentication will work with native `git` commands.

To check the auth token being used **from inside a running workspace**, run:

```shell
# If the exit code is non-zero, then the user is not authenticated with the
# external provider.
coder external-auth access-token <external-auth-id>
```

Note: Some IDE's override the `GIT_ASKPASS` environment variable and need to be
configured.

**VSCode**
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should note that this is automatically done for you. No manual user configuration is actually needed.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not automatically done though. The user must manually turn off the VSCode overrides.

Does our extension do this for you?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See this issue: #12291


Use the
[Coder](https://marketplace.visualstudio.com/items?itemName=coder.coder-remote)
extension to automatically configure these settings for you!

Otherwise, you can manually configure the following settings:

- Set `git.terminalAuthentication` to `false`
- Set `git.useIntegratedAskPass` to `false`

### Hard coded tokens do not auto-refresh

If the token is required to be inserted into the workspace, for example
[GitHub cli](https://cli.github.com/), the auth token can be inserted from the
template. This token will not auto-refresh. The following example will
authenticate via GitHub and auto-clone a repo into the `~/coder` directory.

```hcl
data "coder_external_auth" "github" {
Expand Down