in-workspace detction, explicit api token generation (for printed URIs)

mafredri · mafredri · commit 7b9fc5b57e57 · 2023-12-15T12:17:30.000Z
diff --git a/agent/agent_test.go b/agent/agent_test.go
@@ -924,7 +924,7 @@ func TestAgent_EnvironmentVariableExpansion(t *testing.T) {
 func TestAgent_CoderEnvVars(t *testing.T) {
 	t.Parallel()
 
-	for _, key := range []string{"CODER"} {
+	for _, key := range []string{"CODER", "CODER_WORKSPACE_NAME", "CODER_WORKSPACE_AGENT_NAME"} {
 		key := key
 		t.Run(key, func(t *testing.T) {
 			t.Parallel()
diff --git a/agent/agentssh/agentssh.go b/agent/agentssh/agentssh.go
@@ -659,6 +659,8 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string)
 	// Set environment variables reliable detection of being inside a
 	// Coder workspace.
 	cmd.Env = append(cmd.Env, "CODER=true")
+	cmd.Env = append(cmd.Env, "CODER_WORKSPACE_NAME="+manifest.WorkspaceName)
+	cmd.Env = append(cmd.Env, "CODER_WORKSPACE_AGENT_NAME="+manifest.AgentName)
 	cmd.Env = append(cmd.Env, fmt.Sprintf("USER=%s", username))
 	// Git on Windows resolves with UNIX-style paths.
 	// If using backslashes, it's unable to find the executable.
diff --git a/cli/open.go b/cli/open.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/url"
+	"path/filepath"
 	"strings"
 
 	"github.com/skratchdot/open-golang/open"
@@ -28,111 +29,174 @@ func (r *RootCmd) open() *clibase.Cmd {
 	return cmd
 }
 
+const vscodeDesktopName = "VS Code Desktop"
+
 func (r *RootCmd) openVSCode() *clibase.Cmd {
-	var testNoOpen bool
+	var (
+		generateToken bool
+		testNoOpen    bool
+	)
 
 	client := new(codersdk.Client)
 	cmd := &clibase.Cmd{
 		Annotations: workspaceCommand,
 		Use:         "vscode <workspace> [<directory in workspace>]",
-		Short:       "Open a workspace in Visual Studio Code",
+		Short:       "Open a workspace in Visual Studio Code.",
 		Middleware: clibase.Chain(
-			clibase.RequireRangeArgs(1, -1),
+			clibase.RequireRangeArgs(1, 2),
 			r.InitClient(client),
 		),
 		Handler: func(inv *clibase.Invocation) error {
 			ctx, cancel := context.WithCancel(inv.Context())
 			defer cancel()
 
-			// Prepare an API key. This is for automagical configuration of
-			// VS Code, however, we could try to probe VS Code settings to see
-			// if the current configuration is valid. Future improvement idea.
-			apiKey, err := client.CreateAPIKey(ctx, codersdk.Me)
-			if err != nil {
-				return xerrors.Errorf("create API key: %w", err)
-			}
+			// Check if we're inside a workspace, and especially inside _this_
+			// workspace so we can perform path resolution/expansion. Generally,
+			// we know that if we're inside a workspace, `open` can't be used.
+			insideAWorkspace := inv.Environ.Get("CODER") == "true"
+			inWorkspaceName := inv.Environ.Get("CODER_WORKSPACE_NAME") + "." + inv.Environ.Get("CODER_WORKSPACE_AGENT_NAME")
 
 			// We need a started workspace to figure out e.g. expanded directory.
 			// Pehraps the vscode-coder extension could handle this by accepting
 			// default_directory=true, then probing the agent. Then we wouldn't
 			// need to wait for the agent to start.
-			workspaceName := inv.Args[0]
+			workspaceQuery := inv.Args[0]
 			autostart := true
-			workspace, workspaceAgent, err := getWorkspaceAndAgent(ctx, inv, client, autostart, codersdk.Me, workspaceName)
+			workspace, workspaceAgent, err := getWorkspaceAndAgent(ctx, inv, client, autostart, codersdk.Me, workspaceQuery)
 			if err != nil {
 				return xerrors.Errorf("get workspace and agent: %w", err)
 			}
 
-			// We could optionally add a flag to skip wait, like with SSH.
-			wait := false
-			for _, script := range workspaceAgent.Scripts {
-				if script.StartBlocksLogin {
-					wait = true
-					break
+			workspaceName := workspace.Name + "." + workspaceAgent.Name
+			insideThisWorkspace := insideAWorkspace && inWorkspaceName == workspaceName
+
+			if !insideThisWorkspace {
+				// We could optionally add a flag to skip wait, like with SSH.
+				wait := false
+				for _, script := range workspaceAgent.Scripts {
+					if script.StartBlocksLogin {
+						wait = true
+						break
+					}
 				}
-			}
-			err = cliui.Agent(ctx, inv.Stderr, workspaceAgent.ID, cliui.AgentOptions{
-				Fetch:     client.WorkspaceAgent,
-				FetchLogs: client.WorkspaceAgentLogsAfter,
-				Wait:      wait,
-			})
-			if err != nil {
-				if xerrors.Is(err, context.Canceled) {
-					return cliui.Canceled
+				err = cliui.Agent(ctx, inv.Stderr, workspaceAgent.ID, cliui.AgentOptions{
+					Fetch:     client.WorkspaceAgent,
+					FetchLogs: client.WorkspaceAgentLogsAfter,
+					Wait:      wait,
+				})
+				if err != nil {
+					if xerrors.Is(err, context.Canceled) {
+						return cliui.Canceled
+					}
+					return xerrors.Errorf("agent: %w", err)
 				}
-				return xerrors.Errorf("agent: %w", err)
-			}
 
-			// If the ExpandedDirectory was initially missing, it could mean
-			// that the agent hadn't reported it in yet. Retry once.
-			if workspaceAgent.ExpandedDirectory == "" {
-				autostart = false // Don't retry autostart.
-				workspace, workspaceAgent, err = getWorkspaceAndAgent(ctx, inv, client, autostart, codersdk.Me, workspaceName)
-				if err != nil {
-					return xerrors.Errorf("get workspace and agent retry: %w", err)
+				// If the ExpandedDirectory was initially missing, it could mean
+				// that the agent hadn't reported it in yet. Retry once.
+				if workspaceAgent.ExpandedDirectory == "" {
+					autostart = false // Don't retry autostart.
+					workspace, workspaceAgent, err = getWorkspaceAndAgent(ctx, inv, client, autostart, codersdk.Me, workspaceName)
+					if err != nil {
+						return xerrors.Errorf("get workspace and agent retry: %w", err)
+					}
 				}
 			}
 
-			var folder string
+			var directory string
 			switch {
 			case len(inv.Args) > 1:
-				folder = inv.Args[1]
+				directory = inv.Args[1]
 				// Perhaps we could SSH in to expand the directory?
-				if strings.HasPrefix(folder, "~") {
-					return xerrors.Errorf("folder path %q not supported, use an absolute path instead", folder)
+				if !insideThisWorkspace && strings.HasPrefix(directory, "~") {
+					return xerrors.Errorf("directory path %q not supported, use an absolute path instead", directory)
+				}
+				if insideThisWorkspace {
+					directory, err = filepath.Abs(directory)
+					if err != nil {
+						return xerrors.Errorf("expand directory: %w", err)
+					}
 				}
 			case workspaceAgent.ExpandedDirectory != "":
-				folder = workspaceAgent.ExpandedDirectory
+				directory = workspaceAgent.ExpandedDirectory
+			}
+
+			u, err := url.Parse("vscode://coder.coder-remote/open")
+			if err != nil {
+				return xerrors.Errorf("parse vscode URI: %w", err)
 			}
 
 			qp := url.Values{}
 
 			qp.Add("url", client.URL.String())
-			qp.Add("token", apiKey.Key)
 			qp.Add("owner", workspace.OwnerName)
 			qp.Add("workspace", workspace.Name)
 			qp.Add("agent", workspaceAgent.Name)
-			if folder != "" {
-				qp.Add("folder", folder)
+			if directory != "" {
+				qp.Add("folder", directory)
 			}
 
-			uri := fmt.Sprintf("vscode://coder.coder-remote/open?%s", qp.Encode())
-			_, _ = fmt.Fprintf(inv.Stdout, "Opening %s\n", strings.ReplaceAll(uri, apiKey.Key, "<REDACTED>"))
+			// We always set the token if we believe we can open without
+			// printing the URI, otherwise the token must be explicitly
+			// requested as it will be printed in plain text.
+			if !insideAWorkspace || generateToken {
+				// Prepare an API key. This is for automagical configuration of
+				// VS Code, however, if running on a local machine we could try
+				// to probe VS Code settings to see if the current configuration
+				// is valid. Future improvement idea.
+				apiKey, err := client.CreateAPIKey(ctx, codersdk.Me)
+				if err != nil {
+					return xerrors.Errorf("create API key: %w", err)
+				}
+				qp.Add("token", apiKey.Key)
+			}
+
+			u.RawQuery = qp.Encode()
+
+			openingPath := workspaceName
+			if directory != "" {
+				openingPath += ":" + directory
+			}
 
-			if testNoOpen {
+			if insideAWorkspace {
+				_, _ = fmt.Fprintf(inv.Stderr, "Opening %s in %s is not supported inside a workspace, please open the following URI on your local machine instead:\n\n", openingPath, vscodeDesktopName)
+				_, _ = fmt.Fprintf(inv.Stdout, "%s\n", u.String())
 				return nil
+			} else {
+				_, _ = fmt.Fprintf(inv.Stderr, "Opening %s in %s\n", openingPath, vscodeDesktopName)
 			}
 
-			err = open.Run(uri)
+			if !testNoOpen {
+				err = open.Run(u.String())
+			} else {
+				err = xerrors.New("test.no-open")
+			}
 			if err != nil {
-				return xerrors.Errorf("open: %w", err)
+				if !generateToken {
+					qp.Del("token")
+					u.RawQuery = qp.Encode()
+				}
+
+				_, _ = fmt.Fprintf(inv.Stderr, "Could not automatically open %s in %s: %s\n", openingPath, vscodeDesktopName, err)
+				_, _ = fmt.Fprintf(inv.Stderr, "Please open the following URI instead:\n\n")
+				_, _ = fmt.Fprintf(inv.Stdout, "%s\n", u.String())
+				return nil
 			}
 
 			return nil
 		},
 	}
 
 	cmd.Options = clibase.OptionSet{
+		{
+			Flag: "generate-token",
+			Env:  "CODER_OPEN_VSCODE_GENERATE_TOKEN",
+			Description: fmt.Sprintf(
+				"Generate an auth token and include it in the vscode:// URI. This is for automagical configuration of %s and not needed if already configured. "+
+					"This flag does not need to be specified when running this command on a local machine unless automatic open fails.",
+				vscodeDesktopName,
+			),
+			Value: clibase.BoolOf(&generateToken),
+		},
 		{
 			Flag:        "test.no-open",
 			Description: "Don't run the open command.",
diff --git a/cli/open_test.go b/cli/open_test.go
@@ -3,7 +3,6 @@ package cli_test
 import (
 	"context"
 	"net/url"
-	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -21,7 +20,7 @@ import (
 func TestOpen(t *testing.T) {
 	t.Parallel()
 
-	t.Run("VSCode", func(t *testing.T) {
+	t.Run("VS Code Local", func(t *testing.T) {
 		t.Parallel()
 
 		client, workspace, agentToken := setupWorkspaceForAgent(t, func(agents []*proto.Agent) []*proto.Agent {
@@ -30,16 +29,69 @@ func TestOpen(t *testing.T) {
 			return agents
 		})
 
+		_ = agenttest.New(t, client.URL, agentToken)
+		_ = coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
+
 		inv, root := clitest.New(t, "open", "vscode", "--test.no-open", workspace.Name)
 		clitest.SetupConfig(t, client, root)
 		pty := ptytest.New(t)
 		inv.Stdin = pty.Input()
-		inv.Stderr = pty.Output()
 		inv.Stdout = pty.Output()
 
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		cmdDone := tGo(t, func() {
+			err := inv.WithContext(ctx).Run()
+			assert.NoError(t, err)
+		})
+
+		me, err := client.User(ctx, codersdk.Me)
+		require.NoError(t, err)
+
+		// --test.no-open forces the command to print the URI.
+		line := pty.ReadLine(ctx)
+		u, err := url.ParseRequestURI(line)
+		require.NoError(t, err, "line: %q", line)
+
+		qp := u.Query()
+		assert.Equal(t, client.URL.String(), qp.Get("url"))
+		assert.Equal(t, me.Username, qp.Get("owner"))
+		assert.Equal(t, workspace.Name, qp.Get("workspace"))
+		assert.Equal(t, "agent1", qp.Get("agent"))
+		assert.Equal(t, "/tmp", qp.Get("folder"))
+		assert.Equal(t, "", qp.Get("token"))
+
+		<-cmdDone
+	})
+	t.Run("VS Code Inside Workspace Prints URI", func(t *testing.T) {
+		t.Parallel()
+
+		agentName := "agent1"
+		client, workspace, agentToken := setupWorkspaceForAgent(t, func(agents []*proto.Agent) []*proto.Agent {
+			agents[0].Directory = "/tmp"
+			agents[0].Name = agentName
+			return agents
+		})
+
 		_ = agenttest.New(t, client.URL, agentToken)
 		_ = coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
 
+		t.Log(client.SessionToken())
+
+		inv, root := clitest.New(t, "open", "vscode", "--generate-token", workspace.Name)
+		clitest.SetupConfig(t, client, root)
+
+		t.Log(root.Session().Read())
+
+		pty := ptytest.New(t)
+		inv.Stdin = pty.Input()
+		inv.Stdout = pty.Output()
+
+		inv.Environ.Set("CODER", "true")
+		inv.Environ.Set("CODER_WORKSPACE_NAME", workspace.Name)
+		inv.Environ.Set("CODER_WORKSPACE_AGENT_NAME", agentName)
+
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
@@ -52,22 +104,17 @@ func TestOpen(t *testing.T) {
 		require.NoError(t, err)
 
 		line := pty.ReadLine(ctx)
-
-		// Opening vscode://coder.coder-remote/open?...
-		parts := strings.Split(line, " ")
-		require.Len(t, parts, 2)
-		require.Contains(t, parts[1], "vscode://")
-		u, err := url.ParseRequestURI(parts[1])
-		require.NoError(t, err)
+		u, err := url.ParseRequestURI(line)
+		require.NoError(t, err, "line: %q", line)
 
 		qp := u.Query()
 		assert.Equal(t, client.URL.String(), qp.Get("url"))
 		assert.Equal(t, me.Username, qp.Get("owner"))
 		assert.Equal(t, workspace.Name, qp.Get("workspace"))
 		assert.Equal(t, "agent1", qp.Get("agent"))
 		assert.Equal(t, "/tmp", qp.Get("folder"))
+		assert.NotEmpty(t, qp.Get("token"))
 
-		cancel()
 		<-cmdDone
 	})
 }
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -241,8 +241,10 @@ func (api *API) workspaceAgentManifest(rw http.ResponseWriter, r *http.Request)
 
 	httpapi.Write(ctx, rw, http.StatusOK, agentsdk.Manifest{
 		AgentID:                  apiAgent.ID,
+		AgentName:                apiAgent.Name,
 		OwnerName:                owner.Username,
 		WorkspaceID:              workspace.ID,
+		WorkspaceName:            workspace.Name,
 		Apps:                     convertApps(dbApps, workspaceAgent, owner.Username, workspace),
 		Scripts:                  convertScripts(scripts),
 		DERPMap:                  api.DERPMap(),
diff --git a/codersdk/agentsdk/agentsdk.go b/codersdk/agentsdk/agentsdk.go
@@ -97,12 +97,14 @@ func (c *Client) PostMetadata(ctx context.Context, req PostMetadataRequest) erro
 }
 
 type Manifest struct {
-	AgentID uuid.UUID `json:"agent_id"`
+	AgentID   uuid.UUID `json:"agent_id"`
+	AgentName string    `json:"agent_name"`
 	// OwnerName and WorkspaceID are used by an open-source user to identify the workspace.
 	// We do not provide insurance that this will not be removed in the future,
 	// but if it's easy to persist lets keep it around.
-	OwnerName   string    `json:"owner_name"`
-	WorkspaceID uuid.UUID `json:"workspace_id"`
+	OwnerName     string    `json:"owner_name"`
+	WorkspaceID   uuid.UUID `json:"workspace_id"`
+	WorkspaceName string    `json:"workspace_name"`
 	// GitAuthConfigs stores the number of Git configurations
 	// the Coder deployment has. If this number is >0, we
 	// set up special configuration in the workspace.
