10 replies

coder_agent.main.token is not valid in windows workspace

📨waiting-for-user🟢open

Hey guys, I'm working on setting up coder with GitLab external-auth on a windows workspace, provisioned via Azure. After a lot of reading, I've found that I need to pipe in

CODER_AGENT_TOKEN

CODER_AGENT_TOKEN

and

CODER_AGENT_URL

CODER_AGENT_URL

so I can have the my

GIT_ASKPASS

GIT_ASKPASS

script dyamically fetch the token for GitLab - I've done that as follows in my

tf

tf

file:

...
resource "coder_agent" "main" {
  arch          = "amd64"
  auth          = "azure-instance-identity"
  os            = "windows"
  api_key_scope = "all"
}

resource "azurerm_windows_virtual_machine" "main" {
  ...
  custom_data = base64encode(
    templatefile("${path.module}/Initialize.ps1.tftpl", {
      ...
      coder_agent_token         = coder_agent.main.token
      coder_agent_url           = data.coder_workspace.me.access_url
    })
  )
...

...
resource "coder_agent" "main" {
  arch          = "amd64"
  auth          = "azure-instance-identity"
  os            = "windows"
  api_key_scope = "all"
}

resource "azurerm_windows_virtual_machine" "main" {
  ...
  custom_data = base64encode(
    templatefile("${path.module}/Initialize.ps1.tftpl", {
      ...
      coder_agent_token         = coder_agent.main.token
      coder_agent_url           = data.coder_workspace.me.access_url
    })
  )
...

And then inside of

Initialize.ps1.tftpl

Initialize.ps1.tftpl

...
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_TOKEN", "${coder_agent_token}", "User")
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_URL", "${coder_agent_url}", "User")
# I also tried setting the above at "Machine" scope, results the same as desribed below

...
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_TOKEN", "${coder_agent_token}", "User")
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_URL", "${coder_agent_url}", "User")
# I also tried setting the above at "Machine" scope, results the same as desribed below

When I RDP into my workspace, I can run

Get-ChildItem Env:

Get-ChildItem Env:

and see that both of those variables are in fact set. However, when I run

coder external-auth access-token gitlab

coder external-auth access-token gitlab

, I hit the following error:

Encountered an error running "coder external-auth access-token", see "coder external-auth access-token --help" for more information
error: Trace=[get external auth token: ]
Workspace agent not authorized.

Encountered an error running "coder external-auth access-token", see "coder external-auth access-token --help" for more information
error: Trace=[get external auth token: ]
Workspace agent not authorized.

It seems that the value of

coder_agent.main.token

coder_agent.main.token

is not valid for whatever reason. If you have any pointers as to why that might be, I'd be super grateful. Thank you so much!

Coder.com•7mo ago•

10 replies

Tom

coder_agent.main.token is not valid in windows workspace

📨waiting-for-user🟢open

Hey guys, I'm working on setting up coder with GitLab external-auth on a windows workspace, provisioned via Azure. After a lot of reading, I've found that I need to pipe in

CODER_AGENT_TOKEN

CODER_AGENT_TOKEN

and

CODER_AGENT_URL

CODER_AGENT_URL

so I can have the my

GIT_ASKPASS

GIT_ASKPASS

script dyamically fetch the token for GitLab - I've done that as follows in my

tf

tf

file:

...
resource "coder_agent" "main" {
  arch          = "amd64"
  auth          = "azure-instance-identity"
  os            = "windows"
  api_key_scope = "all"
}

resource "azurerm_windows_virtual_machine" "main" {
  ...
  custom_data = base64encode(
    templatefile("${path.module}/Initialize.ps1.tftpl", {
      ...
      coder_agent_token         = coder_agent.main.token
      coder_agent_url           = data.coder_workspace.me.access_url
    })
  )
...

...
resource "coder_agent" "main" {
  arch          = "amd64"
  auth          = "azure-instance-identity"
  os            = "windows"
  api_key_scope = "all"
}

resource "azurerm_windows_virtual_machine" "main" {
  ...
  custom_data = base64encode(
    templatefile("${path.module}/Initialize.ps1.tftpl", {
      ...
      coder_agent_token         = coder_agent.main.token
      coder_agent_url           = data.coder_workspace.me.access_url
    })
  )
...

And then inside of

Initialize.ps1.tftpl

Initialize.ps1.tftpl

...
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_TOKEN", "${coder_agent_token}", "User")
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_URL", "${coder_agent_url}", "User")
# I also tried setting the above at "Machine" scope, results the same as desribed below

...
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_TOKEN", "${coder_agent_token}", "User")
[System.Environment]::SetEnvironmentVariable("CODER_AGENT_URL", "${coder_agent_url}", "User")
# I also tried setting the above at "Machine" scope, results the same as desribed below

When I RDP into my workspace, I can run

Get-ChildItem Env:

Get-ChildItem Env:

and see that both of those variables are in fact set. However, when I run

coder external-auth access-token gitlab

coder external-auth access-token gitlab

, I hit the following error:

Encountered an error running "coder external-auth access-token", see "coder external-auth access-token --help" for more information
error: Trace=[get external auth token: ]
Workspace agent not authorized.

Encountered an error running "coder external-auth access-token", see "coder external-auth access-token --help" for more information
error: Trace=[get external auth token: ]
Workspace agent not authorized.

It seems that the value of

coder_agent.main.token

coder_agent.main.token

is not valid for whatever reason. If you have any pointers as to why that might be, I'd be super grateful. Thank you so much!

coder_agent.main.token is not valid in windows workspace

coder_agent.main.token is not valid in windows workspace

Similar Threads

Similar Threads

Similar Threads