From b29859a2469a55731b288c3b2c262f30037e1669 Mon Sep 17 00:00:00 2001 From: Christopher Trent Date: Sat, 28 Dec 2024 22:46:05 +0000 Subject: [PATCH 1/4] [docs] update external auth to better explain process --- docs/admin/external-auth.md | 54 +++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index d859467aa6d7a..497e8a09676d2 100644 --- a/docs/admin/external-auth.md +++ b/docs/admin/external-auth.md @@ -11,22 +11,72 @@ application. The following providers are supported: The next step is to configure the Coder server to use the OAuth application by setting the following environment variables: +
+ +## Environment Variables ```env CODER_EXTERNAL_AUTH_0_ID="" CODER_EXTERNAL_AUTH_0_TYPE= -CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx -CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx +CODER_EXTERNAL_AUTH_0_CLIENT_ID= +CODER_EXTERNAL_AUTH_0_CLIENT_SECRET= # Optionally, configure a custom display name and icon CODER_EXTERNAL_AUTH_0_DISPLAY_NAME="Google Calendar" CODER_EXTERNAL_AUTH_0_DISPLAY_ICON="https://mycustomicon.com/google.svg" ``` +The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal +reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your +GitHub provider). + +## Docker Compose + +```yaml +services: + coder: + environment: + CODER_EXTERNAL_AUTH_0_ID: + CODER_EXTERNAL_AUTH_0_TYPE: + CODER_EXTERNAL_AUTH_0_CLIENT_ID: + CODER_EXTERNAL_AUTH_0_CLIENT_SECRET: +``` + +The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal +reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your +GitHub provider). + +## Docker CLI + +```sh +export DOCKER_GROUP=$(getent group docker | cut -d: -f3) +docker run --rm -it \ + -e CODER_ACCESS_URL="https://coder.example.com" \ + -e CODER_PG_CONECTION_URL="postgresql://username:password@database/coder" \ + -e CODER_EXTERNAL_AUTH_0_ID="" \ + -e CODER_EXTERNAL_AUTH_0_TYPE="" \ + -e CODER_EXTERNAL_AUTH_0_CLIENT_ID="" \ + -e CODER_EXTERNAL_AUTH_0_CLIENT_SECRET="" \ + -v /var/run/docker.sock:/var/run/docker.sock \ + --group-add $DOCKER_GROUP \ + ghcr.io/coder/coder:latest +``` The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your GitHub provider). +
+ +You can now add the following code to any template. This will add a button to the workspace setup page which will allow you to authenticate with your provider. + +```tf +data "coder_external_auth" "" { + id = "" +} +``` + +Inside your terraform code, you now have access to authentication variables. Reference the documentation for your chosen provider for more information on how to supply it with a token. + ## GitHub > If you don't require fine-grained access control, it's easier to configure a From 5a8658d8c97a6c7cf3e5c6668c25384b3418b64f Mon Sep 17 00:00:00 2001 From: Christopher Trent Date: Sat, 28 Dec 2024 23:36:39 +0000 Subject: [PATCH 2/4] add example to terraform snippet --- docs/admin/external-auth.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index 497e8a09676d2..c9602970bc819 100644 --- a/docs/admin/external-auth.md +++ b/docs/admin/external-auth.md @@ -73,6 +73,13 @@ You can now add the following code to any template. This will add a button to th data "coder_external_auth" "" { id = "" } + +# Github Example (CODER_EXTERNAL_AUTH_0_ID="github-auth") +# makes a github authentication token available at data.coder_external_auth.github.access_token +data "coder_external_auth" "github" { + id = "github-auth" +} + ``` Inside your terraform code, you now have access to authentication variables. Reference the documentation for your chosen provider for more information on how to supply it with a token. From 45ad599ced1ff9edfb4634ba454a03df095f197b Mon Sep 17 00:00:00 2001 From: Christopher Trent Date: Thu, 2 Jan 2025 13:06:03 -0800 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: Muhammad Atif Ali --- docs/admin/external-auth.md | 36 +----------------------------------- 1 file changed, 1 insertion(+), 35 deletions(-) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index c9602970bc819..6504f760f7c3a 100644 --- a/docs/admin/external-auth.md 
+++ b/docs/admin/external-auth.md @@ -11,9 +11,8 @@ application. The following providers are supported: The next step is to configure the Coder server to use the OAuth application by setting the following environment variables: -
-## Environment Variables +## Configuration ```env CODER_EXTERNAL_AUTH_0_ID="" @@ -29,44 +28,11 @@ The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your GitHub provider). -## Docker Compose - -```yaml -services: - coder: - environment: - CODER_EXTERNAL_AUTH_0_ID: - CODER_EXTERNAL_AUTH_0_TYPE: - CODER_EXTERNAL_AUTH_0_CLIENT_ID: - CODER_EXTERNAL_AUTH_0_CLIENT_SECRET: -``` The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your GitHub provider). -## Docker CLI - -```sh -export DOCKER_GROUP=$(getent group docker | cut -d: -f3) -docker run --rm -it \ - -e CODER_ACCESS_URL="https://coder.example.com" \ - -e CODER_PG_CONECTION_URL="postgresql://username:password@database/coder" \ - -e CODER_EXTERNAL_AUTH_0_ID="" \ - -e CODER_EXTERNAL_AUTH_0_TYPE="" \ - -e CODER_EXTERNAL_AUTH_0_CLIENT_ID="" \ - -e CODER_EXTERNAL_AUTH_0_CLIENT_SECRET="" \ - -v /var/run/docker.sock:/var/run/docker.sock \ - --group-add $DOCKER_GROUP \ - ghcr.io/coder/coder:latest -``` - -The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal -reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your -GitHub provider). - -
- You can now add the following code to any template. This will add a button to the workspace setup page which will allow you to authenticate with your provider. ```tf From 92a6d378647014ecc4e2597636fbbff0d9acab67 Mon Sep 17 00:00:00 2001 From: Christopher Trent Date: Thu, 2 Jan 2025 21:09:15 +0000 Subject: [PATCH 4/4] manually integrate code-review suggestion --- docs/admin/external-auth.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md index 6504f760f7c3a..87b7e81121da0 100644 --- a/docs/admin/external-auth.md +++ b/docs/admin/external-auth.md @@ -28,11 +28,6 @@ The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your GitHub provider). - -The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal -reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your -GitHub provider). - You can now add the following code to any template. This will add a button to the workspace setup page which will allow you to authenticate with your provider. ```tf @@ -50,6 +45,14 @@ data "coder_external_auth" "github" { Inside your terraform code, you now have access to authentication variables. Reference the documentation for your chosen provider for more information on how to supply it with a token. +### Workspace CLI +An access token can be accessed within the workspace by using + +``` +coder external-auth access-token +``` + + ## GitHub > If you don't require fine-grained access control, it's easier to configure a
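Review bot: In PATCH 1/4, the Docker CLI block spells the database variable `CODER_PG_CONECTION_URL` with a single N, so a reader who copies the command sets a variable the server does not read; it should be `CODER_PG_CONNECTION_URL`. The same block passes the database password and `CODER_EXTERNAL_AUTH_0_CLIENT_SECRET` as `-e` arguments, which leaves them in shell history and in `docker inspect` output; consider showing `--env-file` for the secret values instead. The paragraph explaining `CODER_EXTERNAL_AUTH_0_ID` is also added verbatim after each of the three sections and only needs to appear once, above or below them.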
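Review bot: In PATCH 2/4, the added comment points readers at `data.coder_external_auth.github.access_token` without saying that this value is a live credential; a short sentence after the snippet telling template authors to treat it as sensitive, and to keep it out of outputs and logged values, would fit here. Two style points in the same hunk: the comment writes "Github" where the rest of the file uses "GitHub", and the trailing empty `+` line before the closing fence leaves a blank line at the end of the code block.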
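Review bot: In PATCH 3/4, the second hunk deletes the Docker Compose and Docker CLI sections but keeps the copy of the `CODER_EXTERNAL_AUTH_0_ID` paragraph that sat between them as context, so after this commit the same paragraph appears twice in a row under "## Configuration". PATCH 4/4 removes the duplicate; squashing that removal into this commit would keep every commit in the series rendering cleanly.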
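Review bot: In PATCH 4/4, the new "### Workspace CLI" section shows `coder external-auth access-token` with no argument, so the reader cannot tell which provider's token is returned; show the provider ID placeholder after the command and state that it is the value set in `CODER_EXTERNAL_AUTH_0_ID`. Formatting in the same hunk: the heading has no blank line after it, the lead-in sentence ends at "by using" without a colon, the fence has no language tag while the other blocks in this file use `env` and `tf`, and two blank lines are added before "## GitHub" where one is enough.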