Skip to content

chore(dogfood): automatically login coder cli in dogfood workspaces #9462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(dogfood): automatically login coder cli in dogfood workspaces #9462

wants to merge 1 commit into from

Conversation

matifali
Copy link
Member

This will auto-authenticate a user with coder in their dogfood workspace.

@matifali
chore(dogfood): automatically login to coder in dogfood template
9bb674c 
This will auto-authenticate a user with coder in their dogfood workspace.
@matifali matifali requested review from mafredri and ammario August 31, 2023 00:27
@matifali matifali changed the title chore(dogfood): automatically login to coder in dogfood template chore(dogfood): automatically login coder cli in dogfood template Aug 31, 2023
@matifali matifali changed the title chore(dogfood): automatically login coder cli in dogfood template chore(dogfood): automatically login coder cli in dogfood workspaces Aug 31, 2023
mafredri
mafredri approved these changes Aug 31, 2023
View reviewed changes
Copy link
Member

@mafredri mafredri left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. I wonder if we should do this via envs? Since envs override the config in e.g. ~/.config/coderv2, this might lead to unexpected behavior.

But also, overwriting config in ~/.config/coderv2 may also lead to unexpected behavior.

Say I've logged in to a different coder instance, but every restart these settings are overridden (env) or overwritten. It would be interesting to introduce this mechanism into the agent.

Something like:

  1. Agent checks [config_dir]/session
    • If missing, write session, url and .agent_managed_login with same modified timestamp as session/url
    • If present, verify timestamp against .agent_managed_login and if they're the same, update session and url
    • If present but diverge, do nothing

Just an idea off the top of my head. Not sure what the right approach would be.

Then again, the envs are probably fine for now.

@matifali
Copy link
Member Author

@mafredri Yes. Thanks for the idea. I faced this as this will automatically invalidate existing auth for any other coder deployment. I guess going the agent way will need some backend work to be done first.

@mafredri
Copy link
Member

@mafredri Yes. Thanks for the idea. I faced this as this will automatically invalidate existing auth for any other coder deployment. I guess going the agent way will need some backend work to be done first.

Maybe, but there may be another option, for instance:

  1. Update coder CLI to support fallback [config]/.workspace_session, [config]/.workspace_url
  2. Write these files from terraform

When the user runs the coder command inside the workspace, it will first look for session and url, not find them, then look for .workspace_session and .workspace_url.

Step 2. can be automated by agent, if we want, but that may require introducing an option like agent_dont_auto_login_the_user since not everyone may want this feature.

@matifali
Copy link
Member Author

@mafredri writing [config]/.workspace_session, [config]/.workspace_url from terraform will likely need updating coder terraform provider if we want it to be a native feature.
Something like

resource coder_agent {
	auto_login = true
}

And this will enable coder agent to automatically create the above session files given, we support fallback in cli.

@ammario
Copy link
Member

ammario commented Aug 31, 2023
edited
Loading

As @mafredri suggested, this change would mess up my workflow where I'm usually authenticated to my development deployment.

That said, automatically logging in the user is a nice default since most of our users aren't developing Coder itself. The auto-login default should apply without template modifications. Using some kind of hierarchy of session token locations where the agents' is last is a good idea.

resource coder_agent {
auto_login = true
}

I don't think we should add configuration until there's a clear need.

@matifali
Copy link
Member Author

@ammario sure. Let us close this and move the discussion to a new issue.

@matifali matifali closed this Aug 31, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Aug 31, 2023
@github-actions github-actions bot deleted the matifali/dogfood-auto-auth branch March 1, 2024 00:04
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mafredri mafredri mafredri approved these changes

@ammario ammario Awaiting requested review from ammario

Assignees

@matifali matifali

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@matifali @mafredri @ammario