coder
diff --git a/‎cli/config/server.go
Lines changed: 0 additions & 56 deletions b/‎cli/config/server.go
Lines changed: 0 additions & 56 deletions
diff --git a/‎cli/config/server_test.go
Lines changed: 0 additions & 40 deletions b/‎cli/config/server_test.go
Lines changed: 0 additions & 40 deletions
diff --git a/‎cli/deployment/config.go
Lines changed: 44 additions & 0 deletions b/‎cli/deployment/config.go
Lines changed: 44 additions & 0 deletions
diff --git a/‎cli/deployment/config_test.go
Lines changed: 39 additions & 0 deletions b/‎cli/deployment/config_test.go
Lines changed: 39 additions & 0 deletions
diff --git a/‎cli/server.go
Lines changed: 17 additions & 11 deletions b/‎cli/server.go
Lines changed: 17 additions & 11 deletions
diff --git a/‎coderd/gitauth/config.go
Lines changed: 2 additions & 13 deletions b/‎coderd/gitauth/config.go
Lines changed: 2 additions & 13 deletions
diff --git a/‎coderd/gitauth/config_test.go
Lines changed: 8 additions & 8 deletions b/‎coderd/gitauth/config_test.go
Lines changed: 8 additions & 8 deletions
diff --git a/‎coderd/userauth_test.go
Lines changed: 1 addition & 0 deletions b/‎coderd/userauth_test.go
Lines changed: 1 addition & 0 deletions
@@ -91,6 +91,12 @@ func newConfig() codersdk.DeploymentConfig {
 			Usage: "Path to read a DERP mapping from. See: https://tailscale.com/kb/1118/custom-derp-servers/",
 			Flag:  "derp-config-path",
 		},
+		GitAuth: codersdk.DeploymentConfigField[[]codersdk.DeploymentConfigGitAuth]{
+			Key:   "gitauth",
+			Usage: "Git Authentication",
+			Flag:  "gitauth",
+			Value: []codersdk.DeploymentConfigGitAuth{},
+		},
 		PrometheusEnable: codersdk.DeploymentConfigField[bool]{
 			Key:   "prometheus.enable",
 			Usage: "Serve prometheus metrics on the address defined by prometheus address.",
@@ -361,6 +367,9 @@ func Config(flagset *pflag.FlagSet, vip *viper.Viper) (codersdk.DeploymentConfig
 				value = append(value, strings.Split(entry, ",")...)
 			}
 			fve.FieldByName("Value").Set(reflect.ValueOf(value))
+		case []codersdk.DeploymentConfigGitAuth:
+			values := readSliceFromViper[codersdk.DeploymentConfigGitAuth](vip, key, value)
+			fve.FieldByName("Value").Set(reflect.ValueOf(values))
 		default:
 			return dc, xerrors.Errorf("unsupported type %T", value)
 		}
@@ -369,12 +378,47 @@ func Config(flagset *pflag.FlagSet, vip *viper.Viper) (codersdk.DeploymentConfig
 	return dc, nil
 }
 
+// readSliceFromViper reads a typed mapping from the key provided.
+// This enables environment variables like CODER_GITAUTH_<index>_CLIENT_ID.
+func readSliceFromViper[T any](vip *viper.Viper, key string, value any) []T {
+	elementType := reflect.TypeOf(value).Elem()
+	returnValues := make([]T, 0)
+	for entry := 0; true; entry++ {
+		// Only create an instance when the entry exists in viper...
+		// otherwise we risk
+		var instance *reflect.Value
+		for i := 0; i < elementType.NumField(); i++ {
+			fve := elementType.Field(i)
+			prop := fve.Tag.Get("json")
+			// For fields that are omitted in JSON, we use a YAML tag.
+			if prop == "-" {
+				prop = fve.Tag.Get("yaml")
+			}
+			value := vip.Get(fmt.Sprintf("%s.%d.%s", key, entry, prop))
+			if value == nil {
+				continue
+			}
+			if instance == nil {
+				newType := reflect.Indirect(reflect.New(elementType))
+				instance = &newType
+			}
+			instance.Field(i).Set(reflect.ValueOf(value))
+		}
+		if instance == nil {
+			break
+		}
+		returnValues = append(returnValues, instance.Interface().(T))
+	}
+	return returnValues
+}
+
 func NewViper() *viper.Viper {
 	dc := newConfig()
 	v := viper.New()
 	v.SetEnvPrefix("coder")
 	v.AutomaticEnv()
 	v.SetEnvKeyReplacer(strings.NewReplacer("-", "_", ".", "_"))
+	v.SetTypeByDefaultValue(true)
 
 	dcv := reflect.ValueOf(dc)
 	t := dcv.Type()
 
@@ -148,6 +148,45 @@ func TestConfig(t *testing.T) {
 			require.Equal(t, []string{"coder"}, config.OAuth2GithubAllowedTeams.Value)
 			require.Equal(t, config.OAuth2GithubAllowSignups.Value, true)
 		},
+	}, {
+		Name: "GitAuth",
+		Env: map[string]string{
+			"CODER_GITAUTH_0_ID":            "hello",
+			"CODER_GITAUTH_0_TYPE":          "github",
+			"CODER_GITAUTH_0_CLIENT_ID":     "client",
+			"CODER_GITAUTH_0_CLIENT_SECRET": "secret",
+			"CODER_GITAUTH_0_AUTH_URL":      "https://auth.com",
+			"CODER_GITAUTH_0_TOKEN_URL":     "https://token.com",
+			"CODER_GITAUTH_0_REGEX":         "github.com",
+
+			"CODER_GITAUTH_1_ID":            "another",
+			"CODER_GITAUTH_1_TYPE":          "gitlab",
+			"CODER_GITAUTH_1_CLIENT_ID":     "client-2",
+			"CODER_GITAUTH_1_CLIENT_SECRET": "secret-2",
+			"CODER_GITAUTH_1_AUTH_URL":      "https://auth-2.com",
+			"CODER_GITAUTH_1_TOKEN_URL":     "https://token-2.com",
+			"CODER_GITAUTH_1_REGEX":         "gitlab.com",
+		},
+		Valid: func(config codersdk.DeploymentConfig) {
+			require.Len(t, config.GitAuth.Value, 2)
+			require.Equal(t, []codersdk.DeploymentConfigGitAuth{{
+				ID:           "hello",
+				Type:         "github",
+				ClientID:     "client",
+				ClientSecret: "secret",
+				AuthURL:      "https://auth.com",
+				TokenURL:     "https://token.com",
+				Regex:        "github.com",
+			}, {
+				ID:           "another",
+				Type:         "gitlab",
+				ClientID:     "client-2",
+				ClientSecret: "secret-2",
+				AuthURL:      "https://auth-2.com",
+				TokenURL:     "https://token-2.com",
+				Regex:        "gitlab.com",
+			}}, config.GitAuth.Value)
+		},
 	}} {
 		tc := tc
 		t.Run(tc.Name, func(t *testing.T) {
 
@@ -55,6 +55,7 @@ import (
 	"github.com/coder/coder/coderd/database/databasefake"
 	"github.com/coder/coder/coderd/database/migrations"
 	"github.com/coder/coder/coderd/devtunnel"
+	"github.com/coder/coder/coderd/gitauth"
 	"github.com/coder/coder/coderd/gitsshkey"
 	"github.com/coder/coder/coderd/httpapi"
 	"github.com/coder/coder/coderd/prometheusmetrics"
@@ -325,17 +326,22 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				}
 			}
 
+			gitAuthConfigs, err := gitauth.ConvertConfig(cfg.GitAuth.Value, accessURLParsed)
+			if err != nil {
+				return xerrors.Errorf("parse git auth config: %w", err)
+			}
+
 			options := &coderd.Options{
-				AccessURL:            accessURLParsed,
-				AppHostname:          appHostname,
-				AppHostnameRegex:     appHostnameRegex,
-				Logger:               logger.Named("coderd"),
-				Database:             databasefake.New(),
-				DERPMap:              derpMap,
-				Pubsub:               database.NewPubsubInMemory(),
-				CacheDir:             cfg.CacheDirectory.Value,
-				GoogleTokenValidator: googleTokenValidator,
-				// GitAuthConfigs:              serverConfig.GitAuth,
+				AccessURL:                   accessURLParsed,
+				AppHostname:                 appHostname,
+				AppHostnameRegex:            appHostnameRegex,
+				Logger:                      logger.Named("coderd"),
+				Database:                    databasefake.New(),
+				DERPMap:                     derpMap,
+				Pubsub:                      database.NewPubsubInMemory(),
+				CacheDir:                    cfg.CacheDirectory.Value,
+				GoogleTokenValidator:        googleTokenValidator,
+				GitAuthConfigs:              gitAuthConfigs,
 				SecureAuthCookie:            cfg.SecureAuthCookie.Value,
 				SSHKeygenAlgorithm:          sshKeygenAlgorithm,
 				TracerProvider:              tracerProvider,
@@ -617,7 +623,7 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 			// This is helpful for tests, but can be silently ignored.
 			// Coder may be ran as users that don't have permission to write in the homedir,
 			// such as via the systemd service.
-			_ = cfg.URL().Write(client.URL.String())
+			_ = config.URL().Write(client.URL.String())
 
 			// Currently there is no way to ask the server to shut
 			// itself down, so any exit signal will result in a non-zero
 
@@ -24,20 +24,9 @@ type Config struct {
 	Type codersdk.GitProvider
 }
 
-// YAML represents a serializable config.
-type YAML struct {
-	ID           string `yaml:"id"`
-	Type         string `yaml:"type"`
-	ClientID     string `yaml:"client_id"`
-	ClientSecret string `yaml:"client_secret"`
-	AuthURL      string `yaml:"auth_url"`
-	TokenURL     string `yaml:"token_url"`
-	Regex        string `yaml:"regex"`
-}
-
-// ConvertYAML converts the YAML configuration entry to the
+// ConvertConfig converts the YAML configuration entry to the
 // parsed and ready-to-consume provider type.
-func ConvertYAML(entries []*YAML, accessURL *url.URL) ([]*Config, error) {
+func ConvertConfig(entries []codersdk.DeploymentConfigGitAuth, accessURL *url.URL) ([]*Config, error) {
 	ids := map[string]struct{}{}
 	configs := []*Config{}
 	for _, entry := range entries {
 
@@ -14,38 +14,38 @@ func TestConvertYAML(t *testing.T) {
 	t.Parallel()
 	for _, tc := range []struct {
 		Name   string
-		Input  []*gitauth.YAML
+		Input  []codersdk.DeploymentConfigGitAuth
 		Output []*gitauth.Config
 		Error  string
 	}{{
 		Name: "InvalidType",
-		Input: []*gitauth.YAML{{
+		Input: []codersdk.DeploymentConfigGitAuth{{
 			Type: "moo",
 		}},
 		Error: "unknown git provider type",
 	}, {
 		Name: "InvalidID",
-		Input: []*gitauth.YAML{{
+		Input: []codersdk.DeploymentConfigGitAuth{{
 			Type: codersdk.GitProviderGitHub,
 			ID:   "$hi$",
 		}},
 		Error: "doesn't have a valid id",
 	}, {
 		Name: "NoClientID",
-		Input: []*gitauth.YAML{{
+		Input: []codersdk.DeploymentConfigGitAuth{{
 			Type: codersdk.GitProviderGitHub,
 		}},
 		Error: "client_id must be provided",
 	}, {
 		Name: "NoClientSecret",
-		Input: []*gitauth.YAML{{
+		Input: []codersdk.DeploymentConfigGitAuth{{
 			Type:     codersdk.GitProviderGitHub,
 			ClientID: "example",
 		}},
 		Error: "client_secret must be provided",
 	}, {
 		Name: "DuplicateType",
-		Input: []*gitauth.YAML{{
+		Input: []codersdk.DeploymentConfigGitAuth{{
 			Type:         codersdk.GitProviderGitHub,
 			ClientID:     "example",
 			ClientSecret: "example",
@@ -55,7 +55,7 @@ func TestConvertYAML(t *testing.T) {
 		Error: "multiple github git auth providers provided",
 	}, {
 		Name: "InvalidRegex",
-		Input: []*gitauth.YAML{{
+		Input: []codersdk.DeploymentConfigGitAuth{{
 			Type:         codersdk.GitProviderGitHub,
 			ClientID:     "example",
 			ClientSecret: "example",
@@ -66,7 +66,7 @@ func TestConvertYAML(t *testing.T) {
 		tc := tc
 		t.Run(tc.Name, func(t *testing.T) {
 			t.Parallel()
-			output, err := gitauth.ConvertYAML(tc.Input, &url.URL{})
+			output, err := gitauth.ConvertConfig(tc.Input, &url.URL{})
 			if tc.Error != "" {
 				require.Error(t, err)
 				require.Contains(t, err.Error(), tc.Error)
 
@@ -9,6 +9,7 @@ import (
 	"net/url"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/golang-jwt/jwt"