gitauth: automatically match against the auth URL #8293

Closed
waza-ari opened this issue Jul 1, 2023 · 7 comments · Fixed by #13102

@waza-ari
waza-ari commented Jul 1, 2023

We'd like to set up Coder with a self-hosted GitLab instance. Currently, it is configured as follows (taken from values set when using the Helm chart):

(Happy to submit a PR for more comprehensive documentation once this works)

    - name: CODER_GITAUTH_0_ID
      value: "gitlab"
    - name: CODER_GITAUTH_0_TYPE
      value: "gitlab"
    - name: CODER_GITAUTH_0_CLIENT_ID
      value: "xxx"
    - name: CODER_GITAUTH_0_CLIENT_SECRET
      value: "xxx"
    - name: CODER_GITAUTH_0_AUTH_URL
      value: "https://git.my-url.com/oauth/authorize"
    - name: CODER_GITAUTH_0_TOKEN_URL
      value: "https://git.my-url.com/oauth/token"
    - name: CODER_GITAUTH_0_VALIDATE_URL
      value: "https://git.my-url.com/oauth/introspect"

In the workspace template, I've added

    data "coder_git_auth" "gitlab" {
      # Matches the ID of the git auth provider in Coder.
      id = "gitlab"
    }

    resource "coder_agent" "main" {
      ...
      env = {
        GITHUB_TOKEN : data.coder_git_auth.gitlab.access_token
      }
      startup_script         = <<-EOT
        set -e

        # install and start code-server
        curl -fsSL https://code-server.dev/install.sh | sh -s -- --method=standalone --prefix=/tmp/code-server --version 4.11.0
        if [ ! -d ~/myorg-backend ]; then
          git clone https://git.my-url.com/myorg/myorg-backend.git
        fi
        /tmp/code-server/bin/code-server --auth none --port 13337 >/tmp/code-server.log 2>&1 &
      EOT
    }

During workspace creation, I can successfully authenticate against our GitLab instance. With this, I'm getting the following error message when starting the workspace:

    Cloning into 'myorg-backend'...
    ERROR: No git provider found for URL "https://git.my-url.com"

    error: unable to read askpass response from '/tmp/coder.RWO22I/coder'
    fatal: could not read Username for 'https://git.my-url.com': No such device or address

It's probably to do with the GITHUB_TOKEN environment variable, which I don't fully understand. How would I do the automatic clone for custom hosted GitLab?

@cdr-bot cdr-bot bot added the feature label Jul 1, 2023
@waza-ari
Author

waza-ari commented Jul 2, 2023

The issue was fixed by setting an additional variable like this:

    - name: CODER_GITAUTH_0_REGEX
      value: "git.my-url.com"

I'll keep this issue open for now as I'd like to propose a PR for the docs to add some more details.

@kylecarbs
Member

@waza-ari happy you were able to get this fixed! We should automatically do this for you anyways, with the option to override it. It's silly that it's required when we already know the base URL!

@kylecarbs kylecarbs changed the title Using Git integration with self-hosted Gitlab Automatically match against the auth URL Jul 3, 2023
@kylecarbs kylecarbs changed the title Automatically match against the auth URL gitauth: Automatically match against the auth URL Jul 3, 2023
@kylecarbs kylecarbs changed the title gitauth: Automatically match against the auth URL gitauth: automatically match against the auth URL Jul 3, 2023
@waza-ari
Author

waza-ari commented Jul 3, 2023

@kylecarbs that would even be better, would highly appreciate that.

I also would like to have some more documentation around the environment variables used for git authentication. Right now I'm setting

    env = {
      GITHUB_TOKEN : data.coder_git_auth.gitlab.access_token
      GITLAB_TOKEN : data.coder_git_auth.gitlab.access_token
    }

The example only shows GITHUB_TOKEN. I know it's gitauth under the hood, but I'm not too familiar with it and even less familiar with how the environment variables are tied into it. If there's some hint available I could take a stab at the documentation.

I've been using Coder for only a couple of days, but I love the concept. Working with a non-profit org at the moment, so not really in the position to show my gratitude with money, but maybe I can help by writing some docs.

@matifali matifali added the docs Area: coder.com/docs label Jul 3, 2023
@matifali
Member

matifali commented Jul 3, 2023

Thank you, @waza-ari. Feel free to open a PR for any improvements you see for the docs.

@waza-ari
Author

waza-ari commented Jul 3, 2023

@matifali I will, need to understand it first myself :)

@github-actions github-actions bot added the stale This issue is like stale bread. label Jan 2, 2024
@matifali matifali removed the docs Area: coder.com/docs label Jan 3, 2024
@github-actions github-actions bot removed the stale This issue is like stale bread. label Jan 4, 2024
@kylecarbs
Member

I'm pretty sure @Emyrk did this. If not, please reopen.

@kylecarbs kylecarbs closed this as not planned Apr 26, 2024
@Emyrk
Member

Emyrk commented Apr 29, 2024

I did not do this for GitLab. It is still static:

    codersdk.EnhancedExternalAuthProviderGitLab: {
        AuthURL:     "https://gitlab.com/oauth/authorize",
        TokenURL:    "https://gitlab.com/oauth/token",
        ValidateURL: "https://gitlab.com/oauth/token/info",
        DisplayName: "GitLab",
        DisplayIcon: "/icon/gitlab.svg",
        Regex:       `^(https?://)?gitlab\.com(/.*)?$`,
        Scopes:      []string{"write_repository"},
    },

I can come up with something to make GitLab dynamic if not using the expected domain. I'll fix this today.

@Emyrk Emyrk reopened this Apr 29, 2024
@Emyrk Emyrk self-assigned this Apr 29, 2024
@coder-labeler coder-labeler bot added the waiting-for-info The issue creator is asked to provide more information. label Apr 29, 2024
@matifali matifali removed the waiting-for-info The issue creator is asked to provide more information. label Apr 29, 2024
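
The regex decides which clone URLs a provider answers for, so its anchoring matters. The following is an added example, not Coder's code and not part of any comment above: a hypothetical `regexFromAuthURL` helper derives a pattern from the auth URL in the same shape as the built-in gitlab.com regex, and compares it with the `CODER_GITAUTH_0_REGEX` value from the thread on constructed sample URLs.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// loose is the CODER_GITAUTH_0_REGEX value from the thread: unanchored, and
// its dots match any character.
var loose = regexp.MustCompile("git.my-url.com")

// regexFromAuthURL is a hypothetical helper, not Coder's code. It builds an
// anchored, escaped host pattern in the same shape as the built-in
// gitlab.com regex quoted in the thread.
func regexFromAuthURL(authURL string) (*regexp.Regexp, error) {
	u, err := url.Parse(authURL)
	if err != nil {
		return nil, err
	}
	if u.Host == "" {
		return nil, fmt.Errorf("auth URL %q has no host", authURL)
	}
	return regexp.Compile(`^(https?://)?` + regexp.QuoteMeta(u.Host) + `(/.*)?$`)
}

// matches reports whether a provider with this regex would answer for cloneURL.
func matches(re *regexp.Regexp, cloneURL string) bool {
	return re.MatchString(cloneURL)
}

func main() {
	derived, err := regexFromAuthURL("https://git.my-url.com/oauth/authorize")
	if err != nil {
		panic(err)
	}
	// Constructed sample URLs; the last two are hosts other than the GitLab instance.
	for _, u := range []string{
		"https://git.my-url.com",
		"https://git.my-url.com/myorg/myorg-backend.git",
		"https://gitxmy-url.com.example.net/repo.git",
		"https://example.net/git.my-url.com/repo.git",
	} {
		fmt.Printf("%-50s loose=%-5v derived=%v\n", u, matches(loose, u), matches(derived, u))
	}
}
```

Both patterns accept the real clone URL, but only the derived one rejects the two other hosts. A manually set regex can follow the same anchored, escaped form.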