coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 1 addition & 1 deletion b/‎coderd/apidoc/docs.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 1 addition & 1 deletion b/‎coderd/apidoc/swagger.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/coderd.go
Lines changed: 0 additions & 3 deletions b/‎coderd/coderd.go
Lines changed: 0 additions & 3 deletions
diff --git a/‎coderd/workspaceagents.go
Lines changed: 0 additions & 68 deletions b/‎coderd/workspaceagents.go
Lines changed: 0 additions & 68 deletions
diff --git a/‎coderd/workspaceagents_test.go
Lines changed: 0 additions & 74 deletions b/‎coderd/workspaceagents_test.go
Lines changed: 0 additions & 74 deletions
diff --git a/‎codersdk/deployment.go
Lines changed: 4 additions & 1 deletion b/‎codersdk/deployment.go
Lines changed: 4 additions & 1 deletion
diff --git a/‎docs/reference/api/agents.md
Lines changed: 0 additions & 39 deletions b/‎docs/reference/api/agents.md
Lines changed: 0 additions & 39 deletions
diff --git a/‎docs/reference/api/enterprise.md
Lines changed: 39 additions & 0 deletions b/‎docs/reference/api/enterprise.md
Lines changed: 39 additions & 0 deletions
diff --git a/‎enterprise/coderd/coderd.go
Lines changed: 9 additions & 0 deletions b/‎enterprise/coderd/coderd.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎enterprise/coderd/workspaceagents.go
Lines changed: 73 additions & 0 deletions b/‎enterprise/coderd/workspaceagents.go
Lines changed: 73 additions & 0 deletions
@@ -1430,9 +1430,6 @@ func New(options *Options) *API {
 					r.Post("/", api.postWorkspaceAgentPortShare)
 					r.Delete("/", api.deleteWorkspaceAgentPortShare)
 				})
-				r.Route("/external-agent", func(r chi.Router) {
-					r.Get("/{agent}/credentials", api.workspaceExternalAgentCredentials)
-				})
 				r.Get("/timings", api.workspaceTimings)
 				r.Route("/acl", func(r chi.Router) {
 					r.Use(
 
@@ -2185,71 +2185,3 @@ func convertWorkspaceAgentLog(logEntry database.WorkspaceAgentLog) codersdk.Work
 		SourceID:  logEntry.LogSourceID,
 	}
 }
-
-// @Summary Get workspace external agent credentials
-// @ID get-workspace-external-agent-credentials
-// @Security CoderSessionToken
-// @Produce json
-// @Tags Agents
-// @Param workspace path string true "Workspace ID" format(uuid)
-// @Param agent path string true "Agent name"
-// @Success 200 {object} codersdk.ExternalAgentCredentials
-// @Router /workspaces/{workspace}/external-agent/{agent}/credentials [get]
-func (api *API) workspaceExternalAgentCredentials(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	workspace := httpmw.WorkspaceParam(r)
-	agentName := chi.URLParam(r, "agent")
-
-	build, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)
-	if err != nil {
-		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
-			Message: "Failed to get latest workspace build.",
-			Detail:  err.Error(),
-		})
-		return
-	}
-
-	agents, err := api.Database.GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx, database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams{
-		WorkspaceID: workspace.ID,
-		BuildNumber: build.BuildNumber,
-	})
-	if err != nil {
-		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
-			Message: "Failed to get workspace agents.",
-			Detail:  err.Error(),
-		})
-		return
-	}
-
-	var agent *database.WorkspaceAgent
-	for i := range agents {
-		if agents[i].Name == agentName {
-			agent = &agents[i]
-			break
-		}
-	}
-	if agent == nil {
-		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
-			Message: fmt.Sprintf("External agent '%s' not found in workspace.", agentName),
-		})
-		return
-	}
-
-	if agent.AuthInstanceID.Valid {
-		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
-			Message: "External agent is authenticated with an instance ID.",
-		})
-		return
-	}
-
-	initScriptURL := fmt.Sprintf("%s/api/v2/init-script/%s/%s", api.AccessURL.String(), agent.OperatingSystem, agent.Architecture)
-	command := fmt.Sprintf("CODER_AGENT_TOKEN=%q curl -fsSL %q | sh", agent.AuthToken.String(), initScriptURL)
-	if agent.OperatingSystem == "windows" {
-		command = fmt.Sprintf("$env:CODER_AGENT_TOKEN=%q; iwr -useb %q | iex", agent.AuthToken.String(), initScriptURL)
-	}
-
-	httpapi.Write(ctx, rw, http.StatusOK, codersdk.ExternalAgentCredentials{
-		AgentToken: agent.AuthToken.String(),
-		Command:    command,
-	})
-}
@@ -3056,77 +3056,3 @@ func (p *pubsubReinitSpy) Subscribe(event string, listener pubsub.Listener) (can
 	p.Unlock()
 	return cancel, err
 }
-
-func TestWorkspaceExternalAgentCredentials(t *testing.T) {
-	t.Parallel()
-	client, db := coderdtest.NewWithDatabase(t, nil)
-	user := coderdtest.CreateFirstUser(t, client)
-
-	t.Run("Success - linux", func(t *testing.T) {
-		t.Parallel()
-		ctx := testutil.Context(t, testutil.WaitShort)
-
-		r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
-			OrganizationID: user.OrganizationID,
-			OwnerID:        user.UserID,
-		}).WithAgent(func(a []*proto.Agent) []*proto.Agent {
-			a[0].Name = "test-agent"
-			a[0].OperatingSystem = "linux"
-			a[0].Architecture = "amd64"
-			return a
-		}).Do()
-
-		credentials, err := client.WorkspaceExternalAgentCredentials(
-			ctx, r.Workspace.ID, "test-agent")
-		require.NoError(t, err)
-
-		require.Equal(t, r.AgentToken, credentials.AgentToken)
-		expectedCommand := fmt.Sprintf("CODER_AGENT_TOKEN=%q curl -fsSL \"%s/api/v2/init-script/linux/amd64\" | sh", r.AgentToken, client.URL)
-		require.Equal(t, expectedCommand, credentials.Command)
-	})
-
-	t.Run("Success - windows", func(t *testing.T) {
-		t.Parallel()
-		ctx := testutil.Context(t, testutil.WaitShort)
-
-		r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
-			OrganizationID: user.OrganizationID,
-			OwnerID:        user.UserID,
-		}).WithAgent(func(a []*proto.Agent) []*proto.Agent {
-			a[0].Name = "test-agent"
-			a[0].OperatingSystem = "windows"
-			a[0].Architecture = "amd64"
-			return a
-		}).Do()
-
-		credentials, err := client.WorkspaceExternalAgentCredentials(
-			ctx, r.Workspace.ID, "test-agent")
-		require.NoError(t, err)
-
-		require.Equal(t, r.AgentToken, credentials.AgentToken)
-		expectedCommand := fmt.Sprintf("$env:CODER_AGENT_TOKEN=%q; iwr -useb \"%s/api/v2/init-script/windows/amd64\" | iex", r.AgentToken, client.URL)
-		require.Equal(t, expectedCommand, credentials.Command)
-	})
-
-	t.Run("WithInstanceID - should return 404", func(t *testing.T) {
-		t.Parallel()
-		ctx := testutil.Context(t, testutil.WaitShort)
-
-		r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
-			OrganizationID: user.OrganizationID,
-			OwnerID:        user.UserID,
-		}).WithAgent(func(a []*proto.Agent) []*proto.Agent {
-			a[0].Name = "test-agent"
-			a[0].Auth = &proto.Agent_InstanceId{
-				InstanceId: uuid.New().String(),
-			}
-			return a
-		}).Do()
-
-		_, err := client.WorkspaceExternalAgentCredentials(ctx, r.Workspace.ID, "test-agent")
-		require.Error(t, err)
-		var apiErr *codersdk.Error
-		require.ErrorAs(t, err, &apiErr)
-		require.Equal(t, "External agent is authenticated with an instance ID.", apiErr.Message)
-	})
-}
@@ -88,7 +88,8 @@ const (
 	// ManagedAgentLimit is a usage period feature, so the value in the license
 	// contains both a soft and hard limit. Refer to
 	// enterprise/coderd/license/license.go for the license format.
-	FeatureManagedAgentLimit FeatureName = "managed_agent_limit"
+	FeatureManagedAgentLimit      FeatureName = "managed_agent_limit"
+	FeatureWorkspaceExternalAgent FeatureName = "workspace_external_agent"
 )
 
 var (
@@ -115,6 +116,7 @@ var (
 		FeatureMultipleOrganizations,
 		FeatureWorkspacePrebuilds,
 		FeatureManagedAgentLimit,
+		FeatureWorkspaceExternalAgent,
 	}
 
 	// FeatureNamesMap is a map of all feature names for quick lookups.
@@ -155,6 +157,7 @@ func (n FeatureName) AlwaysEnable() bool {
 		FeatureCustomRoles:                true,
 		FeatureMultipleOrganizations:      true,
 		FeatureWorkspacePrebuilds:         true,
+		FeatureWorkspaceExternalAgent:     true,
 	}[n]
 }
 
 
@@ -506,6 +506,15 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
 			apiKeyMiddleware,
 			httpmw.ExtractNotificationTemplateParam(options.Database),
 		).Put("/notifications/templates/{notification_template}/method", api.updateNotificationTemplateMethod)
+
+		r.Route("/workspaces/{workspace}/external-agent", func(r chi.Router) {
+			r.Use(
+				apiKeyMiddleware,
+				httpmw.ExtractWorkspaceParam(options.Database),
+				api.RequireFeatureMW(codersdk.FeatureWorkspaceExternalAgent),
+			)
+			r.Get("/{agent}/credentials", api.workspaceExternalAgentCredentials)
+		})
 	})
 
 	if len(options.SCIMAPIKey) != 0 {
 
@@ -2,9 +2,14 @@ package coderd
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 
+	"github.com/go-chi/chi/v5"
+
+	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/coderd/httpmw"
 	"github.com/coder/coder/v2/codersdk"
 )
 
@@ -17,3 +22,71 @@ func (api *API) shouldBlockNonBrowserConnections(rw http.ResponseWriter) bool {
 	}
 	return false
 }
+
+// @Summary Get workspace external agent credentials
+// @ID get-workspace-external-agent-credentials
+// @Security CoderSessionToken
+// @Produce json
+// @Tags Enterprise
+// @Param workspace path string true "Workspace ID" format(uuid)
+// @Param agent path string true "Agent name"
+// @Success 200 {object} codersdk.ExternalAgentCredentials
+// @Router /workspaces/{workspace}/external-agent/{agent}/credentials [get]
+func (api *API) workspaceExternalAgentCredentials(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	workspace := httpmw.WorkspaceParam(r)
+	agentName := chi.URLParam(r, "agent")
+
+	build, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(ctx, workspace.ID)
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to get latest workspace build.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	agents, err := api.Database.GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx, database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams{
+		WorkspaceID: workspace.ID,
+		BuildNumber: build.BuildNumber,
+	})
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to get workspace agents.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	var agent *database.WorkspaceAgent
+	for i := range agents {
+		if agents[i].Name == agentName {
+			agent = &agents[i]
+			break
+		}
+	}
+	if agent == nil {
+		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
+			Message: fmt.Sprintf("External agent '%s' not found in workspace.", agentName),
+		})
+		return
+	}
+
+	if agent.AuthInstanceID.Valid {
+		httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
+			Message: "External agent is authenticated with an instance ID.",
+		})
+		return
+	}
+
+	initScriptURL := fmt.Sprintf("%s/api/v2/init-script/%s/%s", api.AccessURL.String(), agent.OperatingSystem, agent.Architecture)
+	command := fmt.Sprintf("CODER_AGENT_TOKEN=%q curl -fsSL %q | sh", agent.AuthToken.String(), initScriptURL)
+	if agent.OperatingSystem == "windows" {
+		command = fmt.Sprintf("$env:CODER_AGENT_TOKEN=%q; iwr -useb %q | iex", agent.AuthToken.String(), initScriptURL)
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, codersdk.ExternalAgentCredentials{
+		AgentToken: agent.AuthToken.String(),
+		Command:    command,
+	})
+}