Azure DevOps repo clone with GIT_USERNAME from coder_external_auth #101

Closed
wf1-brandon-grant opened this issue Mar 6, 2024 · 9 comments · Fixed by #109
Labels
bug Something isn't working

Comments

@wf1-brandon-grant

wf1-brandon-grant commented Mar 6, 2024

Hi there,

I am trying to clone a repo from a private Azure DevOps repository.
The user has authenticated using OAUTH2 via the Coder external_auth documentation

I am then using the template in the repo and injecting the external auth as a data object in Terraform

```hcl
data "coder_external_auth" "azure_devops" {
  id = "primary-devops"
}

resource "kubernetes_deployment" "workspace" {
  metadata {
    name      = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
    namespace = var.namespace
    labels = {
      ...
    }
  }
  spec {
    replicas = data.coder_workspace.me.start_count
    selector {
      match_labels = {
        "coder.workspace_id" = data.coder_workspace.me.id
      }
    }
    strategy {
      type = "Recreate"
    }
    template {
      ...
      }
      spec {
        container {
          name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
          # Find the latest version here:
          # https://github.com/coder/envbuilder/tags
          image = "ghcr.io/coder/envbuilder:0.2.7"
          env {
            name  = "CODER_AGENT_TOKEN"
            value = coder_agent.main.token
          }
          env {
            name  = "CODER_AGENT_URL"
            value = replace(data.coder_workspace.me.access_url, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")
          }
          env {
            name  = "GIT_URL"
            value = data.coder_parameter.repo.value == "custom" ? data.coder_parameter.custom_repo_url.value : data.coder_parameter.repo.value
          }
          env {
            name  = "GIT_USERNAME"
            value = data.coder_external_auth.azure_devops.access_token
          }
          env {
            name  = "INIT_SCRIPT"
            value = replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")
          }
          env {
            name  = "FALLBACK_IMAGE"
            value = "codercom/enterprise-base:ubuntu"
          }
          volume_mount {
            name       = "workspaces"
            mount_path = "/workspaces"
          }
        }
        volume {
          name = "workspaces"
          persistent_volume_claim {
            claim_name = kubernetes_persistent_volume_claim.workspaces.metadata.0.name
          }
        }
      }
    }
  }
}
```

When it gets to checking out the repo, the terraform throws a pretty unhelpful error:

```
#1: 📦 Cloning https://<our_org>@dev.azure.com/<our_org>/build-automation/_git/devcontainers to /workspaces/devcontainers...
Failed to clone repository: clone "https://<access_token_I_presume>:@dev.azure.com/<our_org>/build-automation/_git/devcontainers": unexpected client error: unexpected requesting "https://<access_token_I_presume>@dev.azure.com/<our_org>/build-automation/_git/devcontainers/git-upload-pack" status code: 400
Falling back to the default image...
```

Am I missing something or is there something I can test?
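The error output in the post above carries the clone URL with the credential in the username position. As an added example (not envbuilder's code; the function names and the sample URL are constructed here), this Go program shows that `url.URL.Redacted` masks only the password, so a token supplied as the username survives into logs, and shows two ways to scrub it before logging:

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// sampleURL is constructed: the secret sits in the username position, as in the error above.
const sampleURL = "https://CONSTRUCTED-TOKEN:@dev.azure.com/example-org/project/_git/repo"

// StripUserinfo returns rawURL with the whole userinfo component removed, so
// neither a username nor a password can reach a log line.
func StripUserinfo(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		// Do not echo the input: the parse error may contain the secret.
		return "", fmt.Errorf("unparseable clone URL")
	}
	u.User = nil
	return u.String(), nil
}

// StdlibRedacted shows what url.URL.Redacted does with the same input: it
// masks only the password and leaves the username untouched.
func StdlibRedacted(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", fmt.Errorf("unparseable clone URL")
	}
	return u.Redacted(), nil
}

// ScrubMessage removes known secrets from msg, for library errors that embed the full URL.
func ScrubMessage(msg string, secrets ...string) string {
	for _, s := range secrets {
		if s != "" {
			msg = strings.ReplaceAll(msg, s, "[redacted]")
		}
	}
	return msg
}

func main() {
	safe, _ := StripUserinfo(sampleURL)
	weak, _ := StdlibRedacted(sampleURL)
	fmt.Println(safe, weak, ScrubMessage("clone "+sampleURL+" failed", "CONSTRUCTED-TOKEN"))
}
```
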

@coder-labeler bot added the bug label on Mar 6, 2024
@wf1-brandon-grant
Author

Could it be related to this issue on the Git Go repository?
go-git/go-git#64

@kylecarbs
Member

@wf1-brandon-grant based on: https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows#use-a-pat

It seems the username should be a dummy string, and GIT_PASSWORD should be the token.

Have you tried that?

@wf1-brandon-grant
Author

I have given that a shot with the below:
image

Same error response I am afraid.

@wf1-brandon-grant
Author

wf1-brandon-grant commented Mar 6, 2024

Interestingly, if I open up the workspace (as it falls back to the enterprise container image) and hop into the directory that was cloned, there is a .git/config that, when I use the URL with git clone in the CLI, works as expected and clones the repo.

@wf1-brandon-grant
Author

Hi @kylecarbs -
Do you have any thoughts on how we might be able to work around this issue?

@kylecarbs
Member

Hmm odd that cloning afterwards fails.

I'll look at this today.

kylecarbs added a commit that referenced this issue Mar 15, 2024
See the code comment for clarification.

Fixes #101.
@kylecarbs
Member

@wf1-brandon-grant fixed in the attached PR! I'll do a release post-merge.

@kylecarbs
Member

@wf1-brandon-grant please let me know if that fixes it or not, it'd be very helpful!

@wf1-brandon-grant
Author

Hey @kylecarbs -
Just gave this a test and it has done the trick. Thank you!
