feat: Add agent authentication based on instance ID (#336)

* feat: Add agent authentication based on instance ID

Each cloud has its own unique instance identity signatures, which
can be used for zero-token authentication. This change adds support
for tracking by "instance_id", and automatically authenticating
with Google Cloud.

* Add test for CLI

* Fix workspace agent request name

* Fix race with adding to wait group

* Fix name of instance identity token
Kyle Carberry
2022-02-21 14:36:29 -06:00
committed by GitHub
parent 67613da86d
commit 8958b641e9
41 changed files with 752 additions and 251 deletions


@ -17,7 +17,7 @@ func TestUser(t *testing.T) {
t.Parallel()
t.Run("NotFound", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
has, err := client.HasInitialUser(context.Background())
require.NoError(t, err)
require.False(t, has)
@ -25,7 +25,7 @@ func TestUser(t *testing.T) {
t.Run("Found", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
has, err := client.HasInitialUser(context.Background())
require.NoError(t, err)
@ -37,14 +37,14 @@ func TestPostUser(t *testing.T) {
t.Parallel()
t.Run("BadRequest", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_, err := client.CreateInitialUser(context.Background(), coderd.CreateInitialUserRequest{})
require.Error(t, err)
})
t.Run("AlreadyExists", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
_, err := client.CreateInitialUser(context.Background(), coderd.CreateInitialUserRequest{
Email: "some@email.com",
@ -59,7 +59,7 @@ func TestPostUser(t *testing.T) {
t.Run("Create", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
})
}
@ -68,14 +68,14 @@ func TestPostUsers(t *testing.T) {
t.Parallel()
t.Run("BadRequest", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_, err := client.CreateInitialUser(context.Background(), coderd.CreateInitialUserRequest{})
require.Error(t, err)
})
t.Run("Conflicting", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
user := coderdtest.CreateInitialUser(t, client)
_, err := client.CreateInitialUser(context.Background(), coderd.CreateInitialUserRequest{
Email: user.Email,
@ -90,7 +90,7 @@ func TestPostUsers(t *testing.T) {
t.Run("Create", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
_, err := client.CreateUser(context.Background(), coderd.CreateUserRequest{
Email: "another@user.org",
@ -103,7 +103,7 @@ func TestPostUsers(t *testing.T) {
func TestUserByName(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
_, err := client.User(context.Background(), "")
require.NoError(t, err)
@ -111,7 +111,7 @@ func TestUserByName(t *testing.T) {
func TestOrganizationsByUser(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
orgs, err := client.UserOrganizations(context.Background(), "")
require.NoError(t, err)
@ -123,7 +123,7 @@ func TestPostKey(t *testing.T) {
t.Parallel()
t.Run("InvalidUser", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
// Clear session token
@ -137,7 +137,7 @@ func TestPostKey(t *testing.T) {
t.Run("Success", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_ = coderdtest.CreateInitialUser(t, client)
apiKey, err := client.CreateAPIKey(context.Background())
require.NotNil(t, apiKey)
@ -150,7 +150,7 @@ func TestPostLogin(t *testing.T) {
t.Parallel()
t.Run("InvalidUser", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
_, err := client.LoginWithPassword(context.Background(), coderd.LoginWithPasswordRequest{
Email: "my@email.org",
Password: "password",
@ -162,7 +162,7 @@ func TestPostLogin(t *testing.T) {
t.Run("BadPassword", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
user := coderdtest.CreateInitialUser(t, client)
_, err := client.LoginWithPassword(context.Background(), coderd.LoginWithPasswordRequest{
Email: user.Email,
@ -175,7 +175,7 @@ func TestPostLogin(t *testing.T) {
t.Run("Success", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
user := coderdtest.CreateInitialUser(t, client)
_, err := client.LoginWithPassword(context.Background(), coderd.LoginWithPasswordRequest{
Email: user.Email,
@ -191,7 +191,7 @@ func TestPostLogout(t *testing.T) {
t.Run("ClearCookie", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t)
client := coderdtest.New(t, nil)
fullURL, err := client.URL.Parse("/api/v2/logout")
require.NoError(t, err, "Server URL should parse successfully")