Add external-auth subcommand

coder · kylecarbs · Oct 9, 2023 · Oct 4, 2023 · Oct 4, 2023 · Oct 4, 2023
commit 64f22416f0fd99de8192ed882e226792403485ed
diff --git a/cli/externalauth.go b/cli/externalauth.go
@@ -1,6 +1,14 @@
 package cli
 
-import "github.com/coder/coder/v2/cli/clibase"
+import (
+	"os/signal"
+
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/v2/cli/clibase"
+	"github.com/coder/coder/v2/cli/cliui"
+	"github.com/coder/coder/v2/codersdk/agentsdk"
+)
 
 func (r *RootCmd) externalAuth() *clibase.Cmd {
 	return &clibase.Cmd{
@@ -10,27 +18,20 @@ func (r *RootCmd) externalAuth() *clibase.Cmd {
 		Handler: func(i *clibase.Invocation) error {
 			return i.Command.HelpHandler(i)
 		},
-	}
-}
-
-func (r *RootCmd) externalAuthList() *clibase.Cmd {
-	return &clibase.Cmd{
-		Use:   "list",
-		Short: "List external authentication providers",
-		Long:  "List external authentication.",
-		Handler: func(i *clibase.Invocation) error {
-			return i.Command.HelpHandler(i)
+		Children: []*clibase.Cmd{
+			r.externalAuthAccessToken(),
 		},
 	}
 }
 
 func (r *RootCmd) externalAuthAccessToken() *clibase.Cmd {
+	var silent bool
 	return &clibase.Cmd{
-		Use:   "access-token",
+		Use:   "access-token <provider>",
 		Short: "Print auth for an external provider",
 		Long: "Print an access-token for an external auth provider. " +
 			"The access-token will be validated and sent to stdout with exit code 0. " +
-			"If a valid access-token cannot be obtained, the URL to authenticate will be sent to stderr with exit code 1\n" + formatExamples(
+			"If a valid access-token cannot be obtained, the URL to authenticate will be sent to stdout with exit code 1\n" + formatExamples(
 			example{
 				Description: "Ensure that the user is authenticated with GitHub before cloning.",
 				Command: `#!/usr/bin/env sh
@@ -48,9 +49,41 @@ fi
 			Name:        "Silent",
 			Flag:        "s",
 			Description: "Do not print the URL or access token.",
+			Value:       clibase.BoolOf(&silent),
 		}},
 
-		Handler: func(i *clibase.Invocation) error {
+		Handler: func(inv *clibase.Invocation) error {
+			ctx := inv.Context()
+
+			ctx, stop := signal.NotifyContext(ctx, InterruptSignals...)
+			defer stop()
+
+			client, err := r.createAgentClient()
+			if err != nil {
+				return xerrors.Errorf("create agent client: %w", err)
+			}
+
+			token, err := client.ExternalAuth(ctx, agentsdk.ExternalAuthRequest{
+				ID: inv.Args[0],
+			})
+			if err != nil {
+				return xerrors.Errorf("get external auth token: %w", err)
+			}
+
+			if !silent {
+				if token.URL != "" {
+					_, err = inv.Stdout.Write([]byte(token.URL))
+				} else {
+					_, err = inv.Stdout.Write([]byte(token.AccessToken))
+				}
+				if err != nil {
+					return err
+				}
+			}
+
+			if token.URL != "" {
+				return cliui.Canceled
+			}
 			return nil
 		},
 	}

diff --git a/cli/externalauth_test.go b/cli/externalauth_test.go
@@ -0,0 +1,49 @@
+package cli_test
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/coder/coder/v2/cli/clitest"
+	"github.com/coder/coder/v2/cli/cliui"
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk/agentsdk"
+	"github.com/coder/coder/v2/pty/ptytest"
+)
+
+func TestExternalAuth(t *testing.T) {
+	t.Parallel()
+	t.Run("CanceledWithURL", func(t *testing.T) {
+		t.Parallel()
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			httpapi.Write(context.Background(), w, http.StatusOK, agentsdk.ExternalAuthResponse{
+				URL: "https://github.com",
+			})
+		}))
+		t.Cleanup(srv.Close)
+		url := srv.URL
+		inv, _ := clitest.New(t, "--agent-url", url, "external-auth", "access-token", "github")
+		pty := ptytest.New(t)
+		inv.Stdout = pty.Output()
+		waiter := clitest.StartWithWaiter(t, inv)
+		pty.ExpectMatch("https://github.com")
+		waiter.RequireIs(cliui.Canceled)
+	})
+	t.Run("SuccessWithToken", func(t *testing.T) {
+		t.Parallel()
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			httpapi.Write(context.Background(), w, http.StatusOK, agentsdk.ExternalAuthResponse{
+				AccessToken: "bananas",
+			})
+		}))
+		t.Cleanup(srv.Close)
+		url := srv.URL
+		inv, _ := clitest.New(t, "--agent-url", url, "external-auth", "access-token", "github")
+		pty := ptytest.New(t)
+		inv.Stdout = pty.Output()
+		clitest.Start(t, inv)
+		pty.ExpectMatch("bananas")
+	})
+}
diff --git a/cli/root.go b/cli/root.go
@@ -83,6 +83,7 @@ func (r *RootCmd) Core() []*clibase.Cmd {
 	// Please re-sort this list alphabetically if you change it!
 	return []*clibase.Cmd{
 		r.dotfiles(),
+		r.externalAuth(),
 		r.login(),
 		r.logout(),
 		r.netcheck(),

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/docs/api/agents.md b/docs/api/agents.md
diff --git a/docs/cli.md b/docs/cli.md
@@ -29,6 +29,7 @@ Coder — A tool for provisioning self-hosted development environments with Terr
 | [<code>create</code>](./cli/create.md)                 | Create a workspace                                                                                    |
 | [<code>delete</code>](./cli/delete.md)                 | Delete a workspace                                                                                    |
 | [<code>dotfiles</code>](./cli/dotfiles.md)             | Personalize your workspace by applying a canonical dotfiles repository                                |
+| [<code>external-auth</code>](./cli/external-auth.md)   | Manage external authentication                                                                        |
 | [<code>features</code>](./cli/features.md)             | List Enterprise features                                                                              |
 | [<code>groups</code>](./cli/groups.md)                 | Manage groups                                                                                         |
 | [<code>licenses</code>](./cli/licenses.md)             | Add, delete, and list licenses                                                                        |

diff --git a/docs/cli/external-auth.md b/docs/cli/external-auth.md
diff --git a/docs/cli/external-auth_access-token.md b/docs/cli/external-auth_access-token.md
diff --git a/docs/manifest.json b/docs/manifest.json
@@ -557,6 +557,16 @@
           "description": "Personalize your workspace by applying a canonical dotfiles repository",
           "path": "cli/dotfiles.md"
         },
+        {
+          "title": "external-auth",
+          "description": "Manage external authentication",
+          "path": "cli/external-auth.md"
+        },
+        {
+          "title": "external-auth access-token",
+          "description": "Print auth for an external provider",
+          "path": "cli/external-auth_access-token.md"
+        },
         {
           "title": "features",
           "description": "List Enterprise features",