chore: Add workspace proxy enterprise cli commands #7176
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add primary access url Include app security key Add output formats for registering a proxy Fix formats Add cli cmd to get app security key Add deleting proxies feat: Allow workspace proxy spawn in develop.sh Make gen Import ordeR Quote shell var Imports Fix lint Tabs vs spaces remove unused command Fix compile and make gen Fix slim cmd to include extra proxy cmds Import order Import order Fix comment Fix compile with name
Emyrk
commented
Apr 18, 2023
cli/server.go
Outdated
Comment on lines
624
to
633
| if cfg.Dangerous.DevAppSecurityKey.Value() != "" { | ||
| _, err := workspaceapps.KeyFromString(cfg.Dangerous.DevAppSecurityKey.Value()) | ||
| if err != nil { | ||
| return xerrors.Errorf("invalid dev app security key: %w", err) | ||
| } | ||
| err = tx.UpsertAppSecurityKey(ctx, cfg.Dangerous.DevAppSecurityKey.Value()) | ||
| if err != nil { | ||
| return xerrors.Errorf("Insert dev app security key: %w", err) | ||
| } | ||
| } |
There was a problem hiding this comment.
This will be removed when we do this over an authenticated api
enterprise/cli/proxyserver.go
Outdated
Comment on lines
60
to
101
| opts.Add( | ||
| // Options only for external workspace proxies | ||
|
|
||
| clibase.Option{ | ||
| Name: "Proxy Session Token", | ||
| Description: "Authentication token for the workspace proxy to communicate with coderd.", | ||
| Flag: "proxy-session-token", | ||
| Env: "CODER_PROXY_SESSION_TOKEN", | ||
| YAML: "proxySessionToken", | ||
| Default: "", | ||
| Value: &proxySessionToken, | ||
| Group: &externalProxyOptionGroup, | ||
| Hidden: false, | ||
| }, | ||
|
|
||
| clibase.Option{ | ||
| Name: "Coderd (Primary) Access URL", | ||
| Description: "URL to communicate with coderd. This should match the access URL of the Coder deployment.", | ||
| Flag: "primary-access-url", | ||
| Env: "CODER_PRIMARY_ACCESS_URL", | ||
| YAML: "primaryAccessURL", | ||
| Default: "", | ||
| Value: &primaryAccessURL, | ||
| Group: &externalProxyOptionGroup, | ||
| Hidden: false, | ||
| }, | ||
|
|
||
| // TODO: Make sure this is kept secret. Idk if a flag is the best option | ||
| clibase.Option{ | ||
| Name: "App Security Key", | ||
| Description: "App security key used for decrypting/verifying app tokens sent from coderd.", | ||
| Flag: "app-security-key", | ||
| Env: "CODER_APP_SECURITY_KEY", | ||
| YAML: "appSecurityKey", | ||
| Default: "", | ||
| Value: &appSecuritYKey, | ||
| Group: &externalProxyOptionGroup, | ||
| Hidden: false, | ||
| Annotations: clibase.Annotations{}.Mark("secret", "true"), | ||
| }, | ||
| ) | ||
|
|
There was a problem hiding this comment.
Until we have a better way, this is how I add options that are only for workspace proxies.
| r.InitClient(client), | ||
| ), | ||
| Handler: func(inv *clibase.Invocation) error { | ||
| if !(primaryAccessURL.Scheme == "http" || primaryAccessURL.Scheme == "https") { |
There was a problem hiding this comment.
it'd be nice if deployment options can be validated in the option definition but alas
There was a problem hiding this comment.
Interesting idea... @ammario ? Is a "Validate" func field on an option reasonable?
Comment on lines
+149
to
+153
| clibase.Option{ | ||
| Flag: "only-token", | ||
| Description: "Only print the token. This is useful for scripting.", | ||
| Value: clibase.BoolOf(&onlyToken), | ||
| }, |
There was a problem hiding this comment.
Honestly seems unnecessary given you support JSON output.
There was a problem hiding this comment.
This is so easy:
proxy_session_token=$(coder proxy create --only-token)
Otherwise I need to chain with jq. This is just nice imo.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this does
Makes a cli command to spin up external workspace proxies!
This is just the start to get an external workspace proxy up for manual testing/verification. All commands are hidden right now by default.
Future work
Testing/Development
This gives
develop.shan option--use-proxywhich will spin up the devserver with an external workspace proxy. This should allow easier manual validation.Features added to make this work
clibase.Optionsetfilter to filter out options that do not pertain to the workspace proxy.app-security-keyLogs
Run
./develop.sh --use-proxyVideo
Peek.2023-04-18.10-02.webm