@@ -56,7 +56,7 @@ const (
5656
5757type Options struct {
5858 Filesystem afero.Fs
59- ExchangeToken func (ctx context.Context ) error
59+ ExchangeToken func (ctx context.Context ) ( string , error )
6060 Client Client
6161 ReconnectingPTYTimeout time.Duration
6262 EnvironmentVariables map [string ]string
@@ -78,6 +78,11 @@ func New(options Options) io.Closer {
7878 if options .Filesystem == nil {
7979 options .Filesystem = afero .NewOsFs ()
8080 }
81+ if options .ExchangeToken == nil {
82+ options .ExchangeToken = func (ctx context.Context ) (string , error ) {
83+ return "" , nil
84+ }
85+ }
8186 ctx , cancelFunc := context .WithCancel (context .Background ())
8287 server := & agent {
8388 reconnectingPTYTimeout : options .ReconnectingPTYTimeout ,
@@ -97,7 +102,7 @@ func New(options Options) io.Closer {
97102type agent struct {
98103 logger slog.Logger
99104 client Client
100- exchangeToken func (ctx context.Context ) error
105+ exchangeToken func (ctx context.Context ) ( string , error )
101106 filesystem afero.Fs
102107
103108 reconnectingPTYs sync.Map
@@ -110,8 +115,9 @@ type agent struct {
110115
111116 envVars map [string ]string
112117 // metadata is atomic because values can change after reconnection.
113- metadata atomic.Value
114- sshServer * ssh.Server
118+ metadata atomic.Value
119+ sessionToken atomic.Pointer [string ]
120+ sshServer * ssh.Server
115121
116122 network * tailnet.Conn
117123 stats * Stats
@@ -147,14 +153,13 @@ func (a *agent) run(ctx context.Context) error {
147153 // This allows the agent to refresh it's token if necessary.
148154 // For instance identity this is required, since the instance
149155 // may not have re-provisioned, but a new agent ID was created.
150- if a .exchangeToken != nil {
151- err := a .exchangeToken (ctx )
152- if err != nil {
153- return xerrors .Errorf ("exchange token: %w" , err )
154- }
156+ sessionToken , err := a .exchangeToken (ctx )
157+ if err != nil {
158+ return xerrors .Errorf ("exchange token: %w" , err )
155159 }
160+ a .sessionToken .Store (& sessionToken )
156161
157- err : =a .client .PostWorkspaceAgentVersion (ctx , buildinfo .Version ())
162+ err = a .client .PostWorkspaceAgentVersion (ctx , buildinfo .Version ())
158163 if err != nil {
159164 return xerrors .Errorf ("update workspace agent version: %w" , err )
160165 }
@@ -571,6 +576,9 @@ func (a *agent) createCommand(ctx context.Context, rawCommand string, env []stri
571576 unixExecutablePath := strings .ReplaceAll (executablePath , "\\ " , "/" )
572577 cmd .Env = append (cmd .Env , fmt .Sprintf (`GIT_SSH_COMMAND=%s gitssh --` , unixExecutablePath ))
573578
579+ // Specific Coder subcommands require the agent token exposed!
580+ cmd .Env = append (cmd .Env , fmt .Sprintf ("CODER_AGENT_TOKEN=%s" , * a .sessionToken .Load ()))
581+
574582 // Set SSH connection environment variables (these are also set by OpenSSH
575583 // and thus expected to be present by SSH clients). Since the agent does
576584 // networking in-memory, trying to provide accurate values here would be
0 commit comments