feat: Allow workspace proxy spawn in develop.sh

coder · Emyrk · Apr 13, 2023 · Apr 13, 2023 · Apr 13, 2023 · Apr 13, 2023
commit 9d4591c8e94ec6d90561a3d00a69225dcf2a511d
diff --git a/cli/server.go b/cli/server.go
@@ -163,6 +163,19 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 	var (
 		cfg  = new(codersdk.DeploymentValues)
 		opts = cfg.Options()
+		// For the develop.sh script, it is helpful to make this key deterministic.
+		devAppSecurityKey string
+	)
+	opts.Add(
+		clibase.Option{
+			Name:        "App Security Key (Development Only)",
+			Description: "Used to override the app security key stored in the database. This should never be used in production.",
+			Flag:        "dangerous-dev-app-security-key",
+			Default:     "",
+			Value:       clibase.StringOf(&devAppSecurityKey),
+			Annotations: clibase.Annotations{}.Mark("secret", "true"),
+			Hidden:      true,
+		},
 	)
 	serverCmd := &clibase.Cmd{
 		Use:     "server",
@@ -621,6 +634,17 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 					}
 				}
 
+				if devAppSecurityKey != "" {
+					_, err := workspaceapps.KeyFromString(devAppSecurityKey)
+					if err != nil {
+						return xerrors.Errorf("invalid dev app security key: %w", err)
+					}
+					err = tx.UpsertAppSecurityKey(ctx, devAppSecurityKey)
+					if err != nil {
+						return xerrors.Errorf("Insert dev app security key: %w", err)
+					}
+				}
+
 				// Read the app signing key from the DB. We store it hex encoded
 				// since the config table uses strings for the value and we
 				// don't want to deal with automatic encoding issues.

diff --git a/enterprise/cli/workspaceproxy.go b/enterprise/cli/workspaceproxy.go
@@ -69,7 +69,7 @@ func (r *RootCmd) deleteProxy() *clibase.Cmd {
 				return xerrors.Errorf("delete workspace proxy %q: %w", inv.Args[0], err)
 			}
 
-			_, _ = fmt.Fprintln(inv.Stdout, "Workspace proxy %q deleted successfully", inv.Args[0])
+			_, _ = fmt.Fprintf(inv.Stdout, "Workspace proxy %q deleted successfully\n", inv.Args[0])
 			return nil
 		},
 	}

diff --git a/scripts/develop.sh b/scripts/develop.sh
@@ -16,6 +16,8 @@ set -euo pipefail
 DEFAULT_PASSWORD="SomeSecurePassword!"
 password="${CODER_DEV_ADMIN_PASSWORD:-${DEFAULT_PASSWORD}}"
 use_proxy=0
+# Hard coded app security key for the proxy to also use.
+app_security_key=bea458bcfb31990fb70f14a7003c0aad4f371f19653f3a632bc9d3492004cd95e0e542c30e5f158f26728373190bfc802b1c1549f52c149af8ad7f5b12ea1ee0995b95de3b86ae78f021c17437649224cd2dcf1b298d180811cf36f4dcb8f33e
 
 args="$(getopt -o "" -l use-proxy,agpl,password: -- "$@")"
 eval set -- "$args"
@@ -131,7 +133,7 @@ fatal() {
 	trap 'fatal "Script encountered an error"' ERR
 
 	cdroot
-	start_cmd API "" "${CODER_DEV_SHIM}" server --http-address 0.0.0.0:3000 --swagger-enable --access-url "http://127.0.0.1:3000" --experiments "*" "$@"
+	start_cmd API "" "${CODER_DEV_SHIM}" server --http-address 0.0.0.0:3000 --swagger-enable --access-url "http://127.0.0.1:3000" --dangerous-dev-app-security-key ${app_security_key} --experiments "*" "$@"
 
 	echo '== Waiting for Coder to become ready'
 	# Start the timeout in the background so interrupting this script
@@ -178,10 +180,15 @@ fatal() {
 	fi
 
 	if [ "${use_proxy}" -gt "0" ]; then
-		# Create the proxy
-		"${CODER_DEV_SHIM}" proxy register --name=local-proxy --display-name="Local Proxy" --icon="/emojis/1f4bb.png" --access-url=http://localhost:3010 --only-token
-		# Start the proxy
-		start_cmd PROXY proxy "" "${CODER_DEV_SHIM}" proxy --listen-addr
+		log "Using external workspace proxy"
+		(
+			# Attempt to delete the proxy first, in case it already exists.
+			"${CODER_DEV_SHIM}" proxy delete name=local-proxy
+			# Create the proxy
+			proxy_session_token=$("${CODER_DEV_SHIM}" proxy register --name=local-proxy --display-name="Local Proxy" --icon="/emojis/1f4bb.png" --access-url=http://localhost:3010 --only-token)
+			# Start the proxy
+			start_cmd PROXY "" "${CODER_DEV_SHIM}" proxy server --http-address=localhost:3010 --proxy-session-token=${proxy_session_token} --primary-access-url=http://localhost:3000 --app-security-key=${app_security_key}
+		) || echo "Failed to create workspace proxy. No workspace proxy created."
 	fi
 
 	# Start the frontend once we have a template up and running
@@ -208,6 +215,11 @@ fatal() {
 	for iface in "${interfaces[@]}"; do
 		log "$(printf "==                  Web UI: http://%s:8080%$((space_padding - ${#iface}))s==" "$iface" "")"
 	done
+	if [ "${use_proxy}" -gt "0" ]; then
+		for iface in "${interfaces[@]}"; do
+			log "$(printf "==                  Proxy:  http://%s:3010%$((space_padding - ${#iface}))s==" "$iface" "")"
+		done
+	fi
 	log "==                                                                =="
 	log "==      Use ./scripts/coder-dev.sh to talk to this instance!      =="
 	log "$(printf "==       alias cdr=%s/scripts/coder-dev.sh%$((space_padding - ${#PWD}))s==" "$PWD" "")"