Coder.com · 3mo ago
tsa

I am trying to setup Git Auth with Coder Envbuilder

I'm trying to set up GitHub authentication with Coder's Envbuilder, but I'm a bit lost when it comes to configuring Terraform. Here's what I've done so far:
I briefly looked at the .tf file and placed the coder_external_auth block below the coder_workspace_owner.
data "coder_workspace_owner" "me" {}

data "coder_external_auth" "github" {
  id = "github"
}
I then added this:
locals {
  envbuilder_env = {
    # ENVBUILDER_GIT_URL and ENVBUILDER_CACHE_REPO will be overridden by the provider
    # if the cache repo is enabled.
    "ENVBUILDER_GIT_USERNAME" : data.coder_external_auth.github.access_token,
    "ENVBUILDER_GIT_URL" : local.repo_url,
  }
  # ...
}
before ENVBUILDER_GIT_URL. Thanks in advance for your help!
33 Replies
Codercord · 3mo ago
Category: Help needed
Product: Coder OSS (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
tsa (OP) · 2mo ago
thanks! but i'm getting an error: external auth provider "github" is not configured
i did configure github external auth for coder though
nvm i configured an SSO provider not an external auth provider
cool, configured an external auth provider, i'm now getting: Attempted to validate the user's oauth access token from the authentication flow. This situation may occur as a result of an external authentication provider misconfiguration. Verify the external authentication validation URL is accurately configured.
after authenticating i still get the error, but in the external auth tab it says authenticated, should I worry about the error, or can i just ignore it?
okay cool, now i tried cloning a private repo and i'm getting: Failed to clone repository: clone "https://github.com/xyz/abc": authorization failed
this is my main.tf file:
# ...docker devcontainer example
data "coder_workspace_owner" "me" {}

data "coder_external_auth" "github" {
  id = "primary-github"
}

# ...

locals {
  # ...
  git_author_name  = coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)
  git_author_email = data.coder_workspace_owner.me.email
  repo_url         = data.coder_parameter.repo.value == "custom" ? data.coder_parameter.custom_repo_url.value : data.coder_parameter.repo.value
  # The envbuilder provider requires a key-value map of environment variables.
  envbuilder_env = {
    # ENVBUILDER_GIT_URL and ENVBUILDER_CACHE_REPO will be overridden by the provider
    # if the cache repo is enabled.
    "ENVBUILDER_GIT_URL" : local.repo_url,
    "ENVBUILDER_GIT_USERNAME" : data.coder_external_auth.github.access_token,
    "ENVBUILDER_CACHE_REPO" : var.cache_repo,
    # ...
  }
  # Convert the above map to the format expected by the docker provider.
  docker_env = [
    for k, v in local.envbuilder_env : "${k}=${v}"
  ]
}

# ...
cool
Phorcys · 2mo ago
hey, could you share how you configured the external auth in your Coder settings and how you configured the app on GitHub?
tsa (OP) · 2mo ago
sure
tsa (OP) · 2mo ago
[image attachment]
tsa (OP) · 2mo ago
[image attachment]
tsa (OP) · 2mo ago
[image attachment]
Phorcys · 2mo ago
you need to create a separate app for the external auth with a different callback URL
https://coder.com/docs/admin/external-auth
tsa (OP) · 2mo ago
i'm currently using two apps one for external auth and one for sso
Phorcys · 2mo ago
alright, then all you need to do is edit that callback URL: add /external-auth/primary-github/callback at the end of it
tsa (OP) · 2mo ago
it's currently set to that
Phorcys · 2mo ago
is this the one for your SSO?
tsa (OP) · 2mo ago
yes
tsa (OP) · 2mo ago
and the permissions:
[image attachment]
Phorcys · 2mo ago
this is the permissions for the external auth one, correct?
tsa (OP) · 2mo ago
yes
Phorcys · 2mo ago
could you send this as text? i'm having trouble reading it
tsa (OP) · 2mo ago
sure
Phorcys · 2mo ago
nevermind, it's good, was opening the wrong link
tsa (OP) · 2mo ago
# Coder must be reachable from an external URL for users and workspaces to connect.
# e.g. https://coder.example.com
CODER_ACCESS_URL=https://coder.example.com
CODER_WILDCARD_ACCESS_URL=*.coder.example.com

CODER_HTTP_ADDRESS=0.0.0.0:80
CODER_PG_CONNECTION_URL=
CODER_TLS_CERT_FILE=
CODER_TLS_ENABLE=
CODER_TLS_KEY_FILE=

# SMTP
CODER_NOTIFICATIONS_EMAIL_FROM=[email protected]
CODER_NOTIFICATIONS_EMAIL_SMARTHOST=smtp.example.com:587
CODER_NOTIFICATIONS_EMAIL_TLS_STARTTLS=true
CODER_NOTIFICATIONS_EMAIL_AUTH_USERNAME=username
CODER_NOTIFICATIONS_EMAIL_AUTH_PASSWORD="password"

# Github SSO
CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS=true
CODER_OAUTH2_GITHUB_ALLOWED_ORGS="myorgnamehere"
CODER_OAUTH2_GITHUB_CLIENT_ID="oauth-github-client-id"
CODER_OAUTH2_GITHUB_CLIENT_SECRET="oauth-github-client-secret"

# Github External Auth
CODER_EXTERNAL_AUTH_0_ID="primary-github"
CODER_EXTERNAL_AUTH_0_TYPE=github
CODER_EXTERNAL_AUTH_0_CLIENT_ID="external-auth-github-client-id"
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET="external-auth-github-client-secret"

# Run "coder server --help" for flag information.
tsa (OP) · 2mo ago
I tried unlinking and relinking external auth again, this is the error message, the one i sent previously was when i clicked reauthenticate:
[image attachment]
tsa (OP) · 2mo ago
cool, it's showing my auth provider is linked (it showed the same before)
tsa (OP) · 2mo ago
[image attachment]
tsa (OP) · 2mo ago
[image attachment]
tsa (OP) · 2mo ago
i'm going to try creating a DevContainer with a private repo URL again to see if I missed any details
tsa (OP) · 2mo ago
.
[image attachment]
tsa (OP) · 2mo ago
i'm probably doing something pretty simple wrong
tried again, same issue this time
Phorcys · 2mo ago
@TWA what version of Coder are you running?
tsa (OP) · 2mo ago
v2.16.0+683a720
Okay, it works now! Instead of using the External Auth section in the Coder UI, I manually added the GitHub app through GitHub's UI. Now it shows that my organization is authenticated, and cloning private repos works.
Phorcys · 2mo ago
great! sorry that we weren't able to help you sooner, this issue was pretty tough to debug and i was pretty busy 😅
Codercord · 2mo ago
@Phorcys closed the thread.