Coder.com3w ago
TWA

I am trying to setup Git Auth with Coder Envbuilder

I'm trying to set up GitHub authentication with Coder's Envbuilder, but I'm a bit lost when it comes to configuring Terraform. Here's what I've done so far:
I briefly looked at the .tf file and placed the coder_external_auth block below the coder_workspace_owner.
data "coder_workspace_owner" "me" {}

data "coder_external_auth" "github" {
  id = "github"
}
I then added this:
locals {
  envbuilder_env = {
    # ENVBUILDER_GIT_URL and ENVBUILDER_CACHE_REPO will be overridden by the provider
    # if the cache repo is enabled.
    "ENVBUILDER_GIT_USERNAME" : data.coder_external_auth.github.access_token,
    "ENVBUILDER_GIT_URL" : local.repo_url,
  }
  # ...
}
before ENVBUILDER_GIT_URL. Thanks in advance for your help!
33 Replies
Codercord
Codercord3w ago
Category: Help needed
Product: Coder OSS (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
TWA
TWA3w ago
thanks! but i'm getting an error: external auth provider "github" is not configured
i did configure github external auth for coder though
nvm, i configured an sso provider, not an external auth provider
cool, configured an external auth provider. i'm now getting: Attempted to validate the user's oauth access token from the authentication flow. This situation may occur as a result of an external authentication provider misconfiguration. Verify the external authentication validation URL is accurately configured.
after authenticating i still get the error, but in the external auth tab it says authenticated. should I worry about the error, or can i just ignore it?
okay cool, now i tried cloning a private repo and i'm getting: Failed to clone repository: clone "https://github.com/xyz/abc": authorization failed
this is my main.tf file:
# ...docker devcontainer example
data "coder_workspace_owner" "me" {}

data "coder_external_auth" "github" {
  id = "primary-github"
}

# ...

locals {
  # ...
  git_author_name  = coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)
  git_author_email = data.coder_workspace_owner.me.email
  repo_url         = data.coder_parameter.repo.value == "custom" ? data.coder_parameter.custom_repo_url.value : data.coder_parameter.repo.value
  # The envbuilder provider requires a key-value map of environment variables.
  envbuilder_env = {
    # ENVBUILDER_GIT_URL and ENVBUILDER_CACHE_REPO will be overridden by the provider
    # if the cache repo is enabled.
    "ENVBUILDER_GIT_URL" : local.repo_url,
    "ENVBUILDER_GIT_USERNAME" : data.coder_external_auth.github.access_token,
    "ENVBUILDER_CACHE_REPO" : var.cache_repo,
    # ...
  }
  # Convert the above map to the format expected by the docker provider.
  docker_env = [
    for k, v in local.envbuilder_env : "${k}=${v}"
  ]
}

# ...
cool
Phorcys
Phorcys3w ago
hey, could you share how you configured the external auth in your Coder settings and how you configured the app on GitHub?
TWA
TWA3w ago
sure
TWA
TWA3w ago
[image attachment, no description]
TWA
TWA3w ago
[image attachment, no description]
TWA
TWA3w ago
[image attachment, no description]
Phorcys
Phorcys3w ago
you need to create a separate app for the external auth with a different callback URL https://coder.com/docs/admin/external-auth
TWA
TWA3w ago
i'm currently using two apps one for external auth and one for sso
Phorcys
Phorcys3w ago
alright, then all you need to do is edit that callback URL: add /external-auth/primary-github/callback at the end of it
TWA
TWA3w ago
it's currently set to that
Phorcys
Phorcys3w ago
is this the one for your SSO?
TWA
TWA3w ago
yes
TWA
TWA3w ago
and the permissions:
[image attachment, no description]
Phorcys
Phorcys3w ago
this is the permissions for the external auth one, correct?
TWA
TWA3w ago
yes
Phorcys
Phorcys3w ago
could you send this as text? i'm having trouble reading it
TWA
TWA3w ago
sure
Phorcys
Phorcys3w ago
nevermind, it's good, was opening the wrong link
TWA
TWA3w ago
# Coder must be reachable from an external URL for users and workspaces to connect.
# e.g. https://coder.example.com
CODER_ACCESS_URL=https://coder.example.com
CODER_WILDCARD_ACCESS_URL=*.coder.example.com

CODER_HTTP_ADDRESS=0.0.0.0:80
CODER_PG_CONNECTION_URL=
CODER_TLS_CERT_FILE=
CODER_TLS_ENABLE=
CODER_TLS_KEY_FILE=

# SMTP
CODER_NOTIFICATIONS_EMAIL_FROM=[email protected]
CODER_NOTIFICATIONS_EMAIL_SMARTHOST=smtp.example.com:587
CODER_NOTIFICATIONS_EMAIL_TLS_STARTTLS=true
CODER_NOTIFICATIONS_EMAIL_AUTH_USERNAME=username
CODER_NOTIFICATIONS_EMAIL_AUTH_PASSWORD="password"

# Github SSO
CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS=true
CODER_OAUTH2_GITHUB_ALLOWED_ORGS="myorgnamehere"
CODER_OAUTH2_GITHUB_CLIENT_ID="oauth-github-client-id"
CODER_OAUTH2_GITHUB_CLIENT_SECRET="oauth-github-client-secret"

# Github External Auth
CODER_EXTERNAL_AUTH_0_ID="primary-github"
CODER_EXTERNAL_AUTH_0_TYPE=github
CODER_EXTERNAL_AUTH_0_CLIENT_ID="external-auth-github-client-id"
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET="external-auth-github-client-secret"

# Run "coder server --help" for flag information.
TWA
TWA3w ago
I tried unlinking and relinking external auth again, this is the error message, the one i sent previously was when i clicked reauthenticate:
[image attachment, no description]
TWA
TWA3w ago
cool, it's showing my auth provider is linked (it showed the same before)
TWA
TWA3w ago
[image attachment, no description]
TWA
TWA3w ago
[image attachment, no description]
TWA
TWA3w ago
i'm going to try creating a DevContainer with a private repo URL again to see if I missed any details
TWA
TWA3w ago
.
[image attachment, no description]
TWA
TWA3w ago
i'm probably doing something pretty simple wrong
tried again, same issue this time
Phorcys
Phorcys3w ago
@TWA what version of Coder are you running?
TWA
TWA3w ago
v2.16.0+683a720
Okay, it works now! Instead of using the External Auth section in the Coder UI, I manually added the GitHub app through GitHub's UI. Now it shows that my organization is authenticated, and cloning private repos works.
Phorcys
Phorcys2w ago
great! sorry that we weren't able to help you sooner, this issue was pretty tough to debug and i was pretty busy 😅
Codercord
Codercord2w ago
@Phorcys closed the thread.