Skip to content

Commit c2588ea

Browse files
kacpersawkacpersaw
committed
Return 404 if workspace agent is authenticated through instance id
1 parent 387fc04 commit c2588ea

File tree

4 files changed

+55
-3
lines changed

4 files changed

+55
-3
lines changed

cli/external_workspaces.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,7 @@ func (r *RootCmd) externalWorkspaceAgentInstructions() *serpent.Command {
128128
return xerrors.Errorf("find workspace and agent: %w", err)
129129
}
130130

131-
credential, err := client.WorkspaceExternalAgentCredential(inv.Context(), workspace.ID, workspaceAgent.Name)
131+
credential, err := client.WorkspaceExternalAgentCredentials(inv.Context(), workspace.ID, workspaceAgent.Name)
132132
if err != nil {
133133
return xerrors.Errorf("get external agent token for agent %q: %w", workspaceAgent.Name, err)
134134
}
@@ -235,7 +235,7 @@ func fetchExternalAgents(inv *serpent.Invocation, client *codersdk.Client, works
235235
}
236236

237237
agent := resource.Agents[0]
238-
credential, err := client.WorkspaceExternalAgentCredential(inv.Context(), workspace.ID, agent.Name)
238+
credential, err := client.WorkspaceExternalAgentCredentials(inv.Context(), workspace.ID, agent.Name)
239239
if err != nil {
240240
return nil, xerrors.Errorf("get external agent token for agent %q: %w", agent.Name, err)
241241
}

coderd/workspaceagents.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2223,6 +2223,13 @@ func (api *API) workspaceExternalAgentCredentials(rw http.ResponseWriter, r *htt
22232223

22242224
for _, agent := range agents {
22252225
if agent.Name == agentName {
2226+
if agent.AuthInstanceID.Valid {
2227+
httpapi.Write(ctx, rw, http.StatusNotFound, codersdk.Response{
2228+
Message: "External agent is authenticated with an instance ID.",
2229+
})
2230+
return
2231+
}
2232+
22262233
httpapi.Write(ctx, rw, http.StatusOK, codersdk.ExternalAgentCredentials{
22272234
AgentToken: agent.AuthToken.String(),
22282235
})

coderd/workspaceagents_test.go

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3056,3 +3056,48 @@ func (p *pubsubReinitSpy) Subscribe(event string, listener pubsub.Listener) (can
30563056
p.Unlock()
30573057
return cancel, err
30583058
}
3059+
3060+
func TestWorkspaceExternalAgentCredentials(t *testing.T) {
3061+
t.Parallel()
3062+
client, db := coderdtest.NewWithDatabase(t, nil)
3063+
user := coderdtest.CreateFirstUser(t, client)
3064+
3065+
t.Run("Success", func(t *testing.T) {
3066+
t.Parallel()
3067+
ctx := testutil.Context(t, testutil.WaitShort)
3068+
3069+
r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
3070+
OrganizationID: user.OrganizationID,
3071+
OwnerID: user.UserID,
3072+
}).WithAgent(func(a []*proto.Agent) []*proto.Agent {
3073+
a[0].Name = "test-agent"
3074+
return a
3075+
}).Do()
3076+
3077+
credentials, err := client.WorkspaceExternalAgentCredentials(
3078+
ctx, r.Workspace.ID, "test-agent")
3079+
require.NoError(t, err)
3080+
3081+
require.Equal(t, r.AgentToken, credentials.AgentToken)
3082+
})
3083+
3084+
t.Run("WithInstanceID - should return 404", func(t *testing.T) {
3085+
t.Parallel()
3086+
ctx := testutil.Context(t, testutil.WaitShort)
3087+
3088+
r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{
3089+
OrganizationID: user.OrganizationID,
3090+
OwnerID: user.UserID,
3091+
}).WithAgent(func(a []*proto.Agent) []*proto.Agent {
3092+
a[0].Name = "test-agent"
3093+
a[0].Auth = &proto.Agent_InstanceId{
3094+
InstanceId: uuid.New().String(),
3095+
}
3096+
return a
3097+
}).Do()
3098+
3099+
_, err := client.WorkspaceExternalAgentCredentials(ctx, r.Workspace.ID, "test-agent")
3100+
require.Error(t, err)
3101+
require.Contains(t, err.Error(), "External agent is authenticated with an instance ID.")
3102+
})
3103+
}

codersdk/workspaces.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -695,7 +695,7 @@ type ExternalAgentCredentials struct {
695695
AgentToken string `json:"agent_token"`
696696
}
697697

698-
func (c *Client) WorkspaceExternalAgentCredential(ctx context.Context, workspaceID uuid.UUID, agentName string) (ExternalAgentCredentials, error) {
698+
func (c *Client) WorkspaceExternalAgentCredentials(ctx context.Context, workspaceID uuid.UUID, agentName string) (ExternalAgentCredentials, error) {
699699
path := fmt.Sprintf("/api/v2/workspaces/%s/external-agent/%s/credentials", workspaceID.String(), agentName)
700700
res, err := c.Request(ctx, http.MethodGet, path, nil)
701701
if err != nil {

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy