
Commitf8474a8

committed
feat: add oidc_id_token to workspace_owner data source
Adds support for the new CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN environment variable, exposing the OIDC ID token through the coder_workspace_owner data source as oidc_id_token. This complements the existing oidc_access_token field.
1 parentc822a5f commitf8474a8


3 files changed

+15
-0
lines changed

3 files changed

+15
-0
lines changed

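--- a/docs/data-sources/workspace_owner.md
+++ b/docs/data-sources/workspace_owner.md
@@ -23,6 +23,7 @@ resource "coder_agent" "dev" {
 dir = "/workspace"
 env = {
 OIDC_TOKEN : data.coder_workspace_owner.me.oidc_access_token,
+OIDC_ID_TOKEN : data.coder_workspace_owner.me.oidc_id_token,
 }
 }
 
@@ -53,6 +54,7 @@ resource "coder_env" "git_author_email" {
 -`login_type` (String) The type of login the user has.
 -`name` (String) The username of the user.
 -`oidc_access_token` (String, Sensitive) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
+-`oidc_id_token` (String, Sensitive) A valid OpenID Connect ID token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
 -`rbac_roles` (List of Object) The RBAC roles of which the user is assigned. (see[below for nested schema](#nestedatt--rbac_roles))
 -`session_token` (String, Sensitive) Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.
 -`ssh_private_key` (String, Sensitive) The user's generated SSH private key.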

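--- a/provider/workspace_owner.go
+++ b/provider/workspace_owner.go
@@ -54,6 +54,7 @@ func workspaceOwnerDataSource() *schema.Resource {
 
 _=rd.Set("session_token",os.Getenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN"))
 _=rd.Set("oidc_access_token",os.Getenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN"))
+_=rd.Set("oidc_id_token",os.Getenv("CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN"))
 
 ifloginType:=os.Getenv("CODER_WORKSPACE_OWNER_LOGIN_TYPE");loginType!="" {
 _=rd.Set("login_type",loginType)
@@ -123,6 +124,14 @@ func workspaceOwnerDataSource() *schema.Resource {
 "If a valid token cannot be obtained, this value will be an empty string.",
 Sensitive:true,
 },
+"oidc_id_token": {
+Type:schema.TypeString,
+Computed:true,
+Description:"A valid OpenID Connect ID token of the workspace owner. "+
+"This is only available if the workspace owner authenticated with OpenID Connect. "+
+"If a valid token cannot be obtained, this value will be an empty string.",
+Sensitive:true,
+},
 "login_type": {
 Type:schema.TypeString,
 Computed:true,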
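Review bot: The `Description` added for `oidc_id_token` (new lines 130–132) promises "a valid OpenID Connect ID token", but the read path at new line 57 only copies `CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN` into the resource data, so the value is whatever was in the environment when the build ran. `Sensitive:true` keeps the value out of plan and apply output, but it is still written to Terraform state, and an ID token carries identity claims about the owner as well as an expiry. I would extend the description with one more sentence, for example `"The token is read once at workspace build time and is stored in Terraform state; it may have expired by the time it is used."`. workspaceOwnerDataSource starts and ends outside both hunks, so how the variable is populated is not visible here.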

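--- a/provider/workspace_owner_test.go
+++ b/provider/workspace_owner_test.go
@@ -33,6 +33,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 t.Setenv("CODER_WORKSPACE_OWNER_GROUPS",`["group1", "group2"]`)
 t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN",`supersecret`)
 t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN",`alsosupersecret`)
+t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN",`yetanothersecret`)
 t.Setenv("CODER_WORKSPACE_OWNER_LOGIN_TYPE",`github`)
 t.Setenv("CODER_WORKSPACE_OWNER_RBAC_ROLES",`[{"name":"member","org_id":"00000000-0000-0000-0000-000000000000"}]`)
 
@@ -61,6 +62,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 assert.Equal(t,`group2`,attrs["groups.1"])
 assert.Equal(t,`supersecret`,attrs["session_token"])
 assert.Equal(t,`alsosupersecret`,attrs["oidc_access_token"])
+assert.Equal(t,`yetanothersecret`,attrs["oidc_id_token"])
 assert.Equal(t,`github`,attrs["login_type"])
 assert.Equal(t,`member`,attrs["rbac_roles.0.name"])
 assert.Equal(t,`00000000-0000-0000-0000-000000000000`,attrs["rbac_roles.0.org_id"])
@@ -79,6 +81,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 "CODER_WORKSPACE_OWNER_SESSION_TOKEN",
 "CODER_WORKSPACE_OWNER_GROUPS",
 "CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN",
+"CODER_WORKSPACE_OWNER_OIDC_ID_TOKEN",
 "CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY",
 "CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY",
 "CODER_WORKSPACE_OWNER_LOGIN_TYPE",
@@ -112,6 +115,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 assert.Empty(t,attrs["groups.0"])
 assert.Empty(t,attrs["session_token"])
 assert.Empty(t,attrs["oidc_access_token"])
+assert.Empty(t,attrs["oidc_id_token"])
 assert.Empty(t,attrs["login_type"])
 assert.Empty(t,attrs["rbac_roles.0"])
 returnnil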
