- Notifications
You must be signed in to change notification settings - Fork1k
chore: Add workspace proxy enterprise cli commands#7176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Add primary access urlInclude app security keyAdd output formats for registering a proxyFix formatsAdd cli cmd to get app security keyAdd deleting proxiesfeat: Allow workspace proxy spawn in develop.shMake genImport ordeRQuote shell varImportsFix lintTabs vs spacesremove unused commandFix compile and make genFix slim cmd to include extra proxy cmdsImport orderImport orderFix commentFix compile with name
cli/server.go Outdated
| ifcfg.Dangerous.DevAppSecurityKey.Value()!="" { | ||
| _,err:=workspaceapps.KeyFromString(cfg.Dangerous.DevAppSecurityKey.Value()) | ||
| iferr!=nil { | ||
| returnxerrors.Errorf("invalid dev app security key: %w",err) | ||
| } | ||
| err=tx.UpsertAppSecurityKey(ctx,cfg.Dangerous.DevAppSecurityKey.Value()) | ||
| iferr!=nil { | ||
| returnxerrors.Errorf("Insert dev app security key: %w",err) | ||
| } | ||
| } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This will be removed when we do this over an authenticated api
| opts.Add( | ||
| // Options only for external workspace proxies | ||
| clibase.Option{ | ||
| Name:"Proxy Session Token", | ||
| Description:"Authentication token for the workspace proxy to communicate with coderd.", | ||
| Flag:"proxy-session-token", | ||
| Env:"CODER_PROXY_SESSION_TOKEN", | ||
| YAML:"proxySessionToken", | ||
| Default:"", | ||
| Value:&proxySessionToken, | ||
| Group:&externalProxyOptionGroup, | ||
| Hidden:false, | ||
| }, | ||
| clibase.Option{ | ||
| Name:"Coderd (Primary) Access URL", | ||
| Description:"URL to communicate with coderd. This should match the access URL of the Coder deployment.", | ||
| Flag:"primary-access-url", | ||
| Env:"CODER_PRIMARY_ACCESS_URL", | ||
| YAML:"primaryAccessURL", | ||
| Default:"", | ||
| Value:&primaryAccessURL, | ||
| Group:&externalProxyOptionGroup, | ||
| Hidden:false, | ||
| }, | ||
| // TODO: Make sure this is kept secret. Idk if a flag is the best option | ||
| clibase.Option{ | ||
| Name:"App Security Key", | ||
| Description:"App security key used for decrypting/verifying app tokens sent from coderd.", | ||
| Flag:"app-security-key", | ||
| Env:"CODER_APP_SECURITY_KEY", | ||
| YAML:"appSecurityKey", | ||
| Default:"", | ||
| Value:&appSecuritYKey, | ||
| Group:&externalProxyOptionGroup, | ||
| Hidden:false, | ||
| Annotations: clibase.Annotations{}.Mark("secret","true"), | ||
| }, | ||
| ) | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Until we have a better way, this is how I add options that areonly for workspace proxies.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| r.InitClient(client), | ||
| ), | ||
| Handler:func(inv*clibase.Invocation)error { | ||
| if!(primaryAccessURL.Scheme=="http"||primaryAccessURL.Scheme=="https") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
it'd be nice if deployment options can be validated in the option definition but alas
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Interesting idea...@ammario ? Is a "Validate" func field on an option reasonable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I like that idea
Uh oh!
There was an error while loading.Please reload this page.
| clibase.Option{ | ||
| Flag:"only-token", | ||
| Description:"Only print the token. This is useful for scripting.", | ||
| Value:clibase.BoolOf(&onlyToken), | ||
| }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Honestly seems unnecessary given you support JSON output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This is so easy:
proxy_session_token=$(coder proxy create --only-token)Otherwise I need to chain with jq. This is just nice imo.
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Honestly LGTM 👍
Uh oh!
There was an error while loading.Please reload this page.
What this does
Makes a cli command to spin up external workspace proxies!
This is just the start to get an external workspace proxy up for manual testing/verification. All commands are hidden right now by default.
Future work
Testing/Development
This gives
develop.shan option--use-proxywhich will spin up the devserver with an external workspace proxy. This should allow easier manual validation.Features added to make this work
clibase.Optionsetfilter to filter out options that do not pertain to the workspace proxy.app-security-keyLogs
Run
./develop.sh --use-proxyVideo
Peek.2023-04-18.10-02.webm