Azure DevOps repo clone with GIT_USERNAME from coder_external_auth

[wf1-brandon-grant]

Hi there,

I am trying to clone a repo from a private Azure DevOps repository.
The user has authenticated using OAUTH2 via the Coder external_auth documentation

I am then using the template in the repo and injecting the external auth as a data object in Terraform

data "coder_external_auth" "azure_devops" {
  id = "primary-devops"
}

resource "kubernetes_deployment" "workspace" {
  metadata {
    name      = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
    namespace = var.namespace
    labels = {
      ...
    }
  }
  spec {
    replicas = data.coder_workspace.me.start_count
    selector {
      match_labels = {
        "coder.workspace_id" = data.coder_workspace.me.id
      }
    }
    strategy {
      type = "Recreate"
    }
    template {
      ...
      }
      spec {
        container {
          name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
          # Find the latest version here:
          # https://github.com/coder/envbuilder/tags
          image = "ghcr.io/coder/envbuilder:0.2.7"
          env {
            name  = "CODER_AGENT_TOKEN"
            value = coder_agent.main.token
          }
          env {
            name  = "CODER_AGENT_URL"
            value = replace(data.coder_workspace.me.access_url, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")
          }
          env {
            name  = "GIT_URL"
            value = data.coder_parameter.repo.value == "custom" ? data.coder_parameter.custom_repo_url.value : data.coder_parameter.repo.value
          }
          env {
            name  = "GIT_USERNAME"
            value = data.coder_external_auth.azure_devops.access_token
          }
          env {
            name  = "INIT_SCRIPT"
            value = replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")
          }
          env {
            name  = "FALLBACK_IMAGE"
            value = "codercom/enterprise-base:ubuntu"
          }
          volume_mount {
            name       = "workspaces"
            mount_path = "/workspaces"
          }
        }
        volume {
          name = "workspaces"
          persistent_volume_claim {
            claim_name = kubernetes_persistent_volume_claim.workspaces.metadata.0.name
          }
        }
      }
    }
  }
}

When it get's to checking out the repo, the terraform throws a pretty unhelpful error:

#1: 📦 Cloning https://<our_org>@dev.azure.com/<our_org>/build-automation/_git/devcontainers to /workspaces/devcontainers...
Failed to clone repository: clone "https://<access_token_I_presume>:@dev.azure.com/<our_org>/build-automation/_git/devcontainers": unexpected client error: unexpected requesting
Falling back to the default image...

Am I missing something or is there something I can test?

[kylecarbs]

@wf1-brandon-grant did you figure this out?

[wf1-brandon-grant]

@kylecarbs I realised that it would be more appropriate in the envbuilder repo, so I recreated the issue there.
Sorry for the noise

[kylecarbs]

@wf1-brandon-grant not a problem at all -- just wanted to make sure you weren't blocked.

[wf1-brandon-grant]

@kylecarbs thanks! Still running into the issue I'm afraid. But it seems related to the git clone implementation in envbuilder