Commitdbd7159

committed

feat: add oidc_id_token to workspace_owner data source

Adds support for the new CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN environmentvariable, exposing the OIDC ID token through the coder_workspace_ownerdata source as oidc_id_token.This complements the existing oidc_access_token field.

1 parentc822a5f commitdbd7159Copy full SHA for dbd7159

File tree

4 files changed

+15

-2

lines changed

docs
- data-sources
  - external_auth.md
- resources
  - app.md
provider
- workspace_owner.go
- workspace_owner_test.go

4 files changed

+15

-2

lines changed

`‎docs/data-sources/external_auth.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ data "coder_external_auth" "github" {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`data "coder_external_auth" "azure-identity" {`
`24`		`- id = "azure-identiy"`
	`24`	`+ id = "azure-identity"`
`25`	`25`	`optional = true`
`26`	`26`	`}`
`27`	`27`	```

`‎docs/resources/app.md‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ resource "coder_app" "vim" {`
`61`	`61`
`62`	`62`	`###Optional`
`63`	`63`
`64`		--`command` (String) A command to run in a terminal opening this app. In the web, this will open in a new tab. In the CLI, this will SSH and execute the command. Either`command` or`url` may be specified, but not both.
	`64`	+-`command` (String) A command to run in a terminal opening this app. In the web, this will open in a new tab. In the CLI, this will SSH and execute the command. Either`command` or`url` may be specified, but not both. Conflicts with`subdomain`.
`65`	`65`	-`display_name` (String) A display name to identify the app. Defaults to the slug.
`66`	`66`	-`external` (Boolean) Specifies whether`url` is opened on the client machine instead of proxied through the workspace.
`67`	`67`	-`group` (String) The name of a group that this app belongs to.

`‎provider/workspace_owner.go‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,7 @@ func workspaceOwnerDataSource() *schema.Resource {`
`54`	`54`
`55`	`55`	`_=rd.Set("session_token",os.Getenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN"))`
`56`	`56`	`_=rd.Set("oidc_access_token",os.Getenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN"))`
	`57`	`+_=rd.Set("oidc_id_token",os.Getenv("CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN"))`
`57`	`58`
`58`	`59`	`ifloginType:=os.Getenv("CODER_WORKSPACE_OWNER_LOGIN_TYPE");loginType!="" {`
`59`	`60`	`_=rd.Set("login_type",loginType)`
`@@ -123,6 +124,14 @@ func workspaceOwnerDataSource() *schema.Resource {`
`123`	`124`	`"If a valid token cannot be obtained, this value will be an empty string.",`
`124`	`125`	`Sensitive:true,`
`125`	`126`	`},`
	`127`	`+"oidc_id_token": {`
	`128`	`+Type:schema.TypeString,`
	`129`	`+Computed:true,`
	`130`	`+Description:"A valid OpenID Connect ID token of the workspace owner. "+`
	`131`	`+"This is only available if the workspace owner authenticated with OpenID Connect. "+`
	`132`	`+"If a valid token cannot be obtained, this value will be an empty string.",`
	`133`	`+Sensitive:true,`
	`134`	`+},`
`126`	`135`	`"login_type": {`
`127`	`136`	`Type:schema.TypeString,`
`128`	`137`	`Computed:true,`

`‎provider/workspace_owner_test.go‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {`
`33`	`33`	t.Setenv("CODER_WORKSPACE_OWNER_GROUPS",`["group1", "group2"]`)
`34`	`34`	t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN",`supersecret`)
`35`	`35`	t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN",`alsosupersecret`)
	`36`	+t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN",`yetanothersecret`)
`36`	`37`	t.Setenv("CODER_WORKSPACE_OWNER_LOGIN_TYPE",`github`)
`37`	`38`	t.Setenv("CODER_WORKSPACE_OWNER_RBAC_ROLES",`[{"name":"member","org_id":"00000000-0000-0000-0000-000000000000"}]`)
`38`	`39`
`@@ -61,6 +62,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {`
`61`	`62`	assert.Equal(t,`group2`,attrs["groups.1"])
`62`	`63`	assert.Equal(t,`supersecret`,attrs["session_token"])
`63`	`64`	assert.Equal(t,`alsosupersecret`,attrs["oidc_access_token"])
	`65`	+assert.Equal(t,`yetanothersecret`,attrs["oidc_id_token"])
`64`	`66`	assert.Equal(t,`github`,attrs["login_type"])
`65`	`67`	assert.Equal(t,`member`,attrs["rbac_roles.0.name"])
`66`	`68`	assert.Equal(t,`00000000-0000-0000-0000-000000000000`,attrs["rbac_roles.0.org_id"])
`@@ -79,6 +81,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {`
`79`	`81`	`"CODER_WORKSPACE_OWNER_SESSION_TOKEN",`
`80`	`82`	`"CODER_WORKSPACE_OWNER_GROUPS",`
`81`	`83`	`"CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN",`
	`84`	`+"CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN",`
`82`	`85`	`"CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY",`
`83`	`86`	`"CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY",`
`84`	`87`	`"CODER_WORKSPACE_OWNER_LOGIN_TYPE",`
`@@ -112,6 +115,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {`
`112`	`115`	`assert.Empty(t,attrs["groups.0"])`
`113`	`116`	`assert.Empty(t,attrs["session_token"])`
`114`	`117`	`assert.Empty(t,attrs["oidc_access_token"])`
	`118`	`+assert.Empty(t,attrs["oidc_id_token"])`
`115`	`119`	`assert.Empty(t,attrs["login_type"])`
`116`	`120`	`assert.Empty(t,attrs["rbac_roles.0"])`
`117`	`121`	`returnnil`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitdbd7159

File tree

4 files changed

4 files changed

`‎docs/data-sources/external_auth.md‎`

`‎docs/resources/app.md‎`

`‎provider/workspace_owner.go‎`

`‎provider/workspace_owner_test.go‎`

0 commit comments