selfhosted
/
coder
mirror of https://github.com/coder/coder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
coder/coderd/workspaceresourceauth.go

158 lines
5.3 KiB
Go
Raw Normal View History

feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
package coderd
import (
"database/sql"
fix: Convert all jobs to use a common resource and agent type (#369) * ci: Update DataDog GitHub branch to fallback to GITHUB_REF This was detecting branches, but not our "main" branch before. Hopefully this fixes it! * Add basic Terraform Provider * Rename post files to upload * Add tests for resources * Skip instance identity test * Add tests for ensuring agent get's passed through properly * Fix linting errors * Add echo path * Fix agent authentication * fix: Convert all jobs to use a common resource and agent type This enables a consistent API for project import and provisioned resources.
2022-02-28 18:00:52 +00:00
"encoding/json"
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
"errors"
"fmt"
"net/http"
feat: Add AWS instance identity authentication (#570) * feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2022-03-28 19:31:03 +00:00
"github.com/coder/coder/coderd/awsidentity"
feat: Add Azure instance identitity authentication (#1064) This enables zero-trust authentication for Azure instances. Now we support the three major clouds: AWS, Azure, and GCP 😎.
2022-04-19 13:48:13 +00:00
"github.com/coder/coder/coderd/azureidentity"
chore: Move httpapi, httpmw, & database into `coderd` (#568) * chore: Move httpmw to /coderd directory httpmw is specific to coderd and should be scoped under coderd * chore: Move httpapi to /coderd directory httpapi is specific to coderd and should be scoped under coderd * chore: Move database to /coderd directory database is specific to coderd and should be scoped under coderd * chore: Update codecov & gitattributes for generated files * chore: Update Makefile
2022-03-25 21:07:45 +00:00
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/httpapi"
feat: Add templates to create working release (#422) * Add templates * Move API structs to codersdk * Back to green tests! * It all works, but now with tea! 🧋 * It works! * Add cancellation to provisionerd * Tests pass! * Add deletion of workspaces and projects * Fix agent lock * Add clog * Fix linting errors * Remove unused CLI tests * Rename daemon to start * Fix leaking command * Fix promptui test * Update agent connection frequency * Skip login tests on Windows * Increase tunnel connect timeout * Fix templater * Lower test requirements * Fix embed * Disable promptui tests for Windows * Fix write newline * Fix PTY write newline * Fix CloseReader * Fix compilation on Windows * Fix linting error * Remove bubbletea * Cleanup readwriter * Use embedded templates instead of serving over API * Move templates to examples * Improve workspace create flow * Fix Windows build * Fix tests * Fix linting errors * Fix untar with extracting max size * Fix newline char
2022-03-22 19:17:50 +00:00
"github.com/coder/coder/codersdk"
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
"github.com/mitchellh/mapstructure"
)
feat: Add Azure instance identitity authentication (#1064) This enables zero-trust authentication for Azure instances. Now we support the three major clouds: AWS, Azure, and GCP 😎.
2022-04-19 13:48:13 +00:00
// Azure supports instance identity verification:
// https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=linux#tabgroup_14
chore: Remove interface from coderd and lift API surface (#1772) Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`.
2022-05-26 03:14:08 +00:00
func (api *API) postWorkspaceAuthAzureInstanceIdentity(rw http.ResponseWriter, r *http.Request) {
feat: Add Azure instance identitity authentication (#1064) This enables zero-trust authentication for Azure instances. Now we support the three major clouds: AWS, Azure, and GCP 😎.
2022-04-19 13:48:13 +00:00
var req codersdk.AzureInstanceIdentityToken
if !httpapi.Read(rw, r, &req) {
return
}
instanceID, err := azureidentity.Validate(r.Context(), req.Signature, api.AzureCertificates)
if err != nil {
httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
Message: fmt.Sprintf("validate: %s", err),
})
return
}
api.handleAuthInstanceID(rw, r, instanceID)
}
feat: Add AWS instance identity authentication (#570) * feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2022-03-28 19:31:03 +00:00
// AWS supports instance identity verification:
// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
// Using this, we can exchange a signed instance payload for an agent token.
chore: Remove interface from coderd and lift API surface (#1772) Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`.
2022-05-26 03:14:08 +00:00
func (api *API) postWorkspaceAuthAWSInstanceIdentity(rw http.ResponseWriter, r *http.Request) {
feat: Add AWS instance identity authentication (#570) * feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2022-03-28 19:31:03 +00:00
var req codersdk.AWSInstanceIdentityToken
if !httpapi.Read(rw, r, &req) {
return
}
identity, err := awsidentity.Validate(req.Signature, req.Document, api.AWSCertificates)
if err != nil {
httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
Message: fmt.Sprintf("validate: %s", err),
})
return
}
api.handleAuthInstanceID(rw, r, identity.InstanceID)
}
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
// Google Compute Engine supports instance identity verification:
// https://cloud.google.com/compute/docs/instances/verifying-instance-identity
// Using this, we can exchange a signed instance payload for an agent token.
chore: Remove interface from coderd and lift API surface (#1772) Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`.
2022-05-26 03:14:08 +00:00
func (api *API) postWorkspaceAuthGoogleInstanceIdentity(rw http.ResponseWriter, r *http.Request) {
feat: Add templates to create working release (#422) * Add templates * Move API structs to codersdk * Back to green tests! * It all works, but now with tea! 🧋 * It works! * Add cancellation to provisionerd * Tests pass! * Add deletion of workspaces and projects * Fix agent lock * Add clog * Fix linting errors * Remove unused CLI tests * Rename daemon to start * Fix leaking command * Fix promptui test * Update agent connection frequency * Skip login tests on Windows * Increase tunnel connect timeout * Fix templater * Lower test requirements * Fix embed * Disable promptui tests for Windows * Fix write newline * Fix PTY write newline * Fix CloseReader * Fix compilation on Windows * Fix linting error * Remove bubbletea * Cleanup readwriter * Use embedded templates instead of serving over API * Move templates to examples * Improve workspace create flow * Fix Windows build * Fix tests * Fix linting errors * Fix untar with extracting max size * Fix newline char
2022-03-22 19:17:50 +00:00
var req codersdk.GoogleInstanceIdentityToken
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
if !httpapi.Read(rw, r, &req) {
return
}
// We leave the audience blank. It's not important we validate who made the token.
payload, err := api.GoogleTokenValidator.Validate(r.Context(), req.JSONWebToken, "")
if err != nil {
httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
Message: fmt.Sprintf("validate: %s", err),
})
return
}
claims := struct {
Google struct {
ComputeEngine struct {
InstanceID string `mapstructure:"instance_id"`
} `mapstructure:"compute_engine"`
} `mapstructure:"google"`
}{}
err = mapstructure.Decode(payload.Claims, &claims)
if err != nil {
httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
Message: fmt.Sprintf("decode jwt claims: %s", err),
})
return
}
feat: Add AWS instance identity authentication (#570) * feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2022-03-28 19:31:03 +00:00
api.handleAuthInstanceID(rw, r, claims.Google.ComputeEngine.InstanceID)
}
chore: Remove interface from coderd and lift API surface (#1772) Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`.
2022-05-26 03:14:08 +00:00
func (api *API) handleAuthInstanceID(rw http.ResponseWriter, r *http.Request, instanceID string) {
feat: Add AWS instance identity authentication (#570) * feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2022-03-28 19:31:03 +00:00
agent, err := api.Database.GetWorkspaceAgentByInstanceID(r.Context(), instanceID)
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
if errors.Is(err, sql.ErrNoRows) {
httpapi.Write(rw, http.StatusNotFound, httpapi.Response{
feat: Add AWS instance identity authentication (#570) * feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2022-03-28 19:31:03 +00:00
Message: fmt.Sprintf("instance with id %q not found", instanceID),
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
})
return
}
fix: Convert all jobs to use a common resource and agent type (#369) * ci: Update DataDog GitHub branch to fallback to GITHUB_REF This was detecting branches, but not our "main" branch before. Hopefully this fixes it! * Add basic Terraform Provider * Rename post files to upload * Add tests for resources * Skip instance identity test * Add tests for ensuring agent get's passed through properly * Fix linting errors * Add echo path * Fix agent authentication * fix: Convert all jobs to use a common resource and agent type This enables a consistent API for project import and provisioned resources.
2022-02-28 18:00:52 +00:00
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
Message: fmt.Sprintf("get provisioner job agent: %s", err),
})
return
}
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore
2022-03-07 17:40:54 +00:00
resource, err := api.Database.GetWorkspaceResourceByID(r.Context(), agent.ResourceID)
fix: Convert all jobs to use a common resource and agent type (#369) * ci: Update DataDog GitHub branch to fallback to GITHUB_REF This was detecting branches, but not our "main" branch before. Hopefully this fixes it! * Add basic Terraform Provider * Rename post files to upload * Add tests for resources * Skip instance identity test * Add tests for ensuring agent get's passed through properly * Fix linting errors * Add echo path * Fix agent authentication * fix: Convert all jobs to use a common resource and agent type This enables a consistent API for project import and provisioned resources.
2022-02-28 18:00:52 +00:00
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
Message: fmt.Sprintf("get provisioner job resource: %s", err),
})
return
}
job, err := api.Database.GetProvisionerJobByID(r.Context(), resource.JobID)
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
Message: fmt.Sprintf("get provisioner job: %s", err),
})
return
}
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore
2022-03-07 17:40:54 +00:00
if job.Type != database.ProvisionerJobTypeWorkspaceBuild {
fix: Convert all jobs to use a common resource and agent type (#369) * ci: Update DataDog GitHub branch to fallback to GITHUB_REF This was detecting branches, but not our "main" branch before. Hopefully this fixes it! * Add basic Terraform Provider * Rename post files to upload * Add tests for resources * Skip instance identity test * Add tests for ensuring agent get's passed through properly * Fix linting errors * Add echo path * Fix agent authentication * fix: Convert all jobs to use a common resource and agent type This enables a consistent API for project import and provisioned resources.
2022-02-28 18:00:52 +00:00
httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
Message: fmt.Sprintf("%q jobs cannot be authenticated", job.Type),
})
return
}
var jobData workspaceProvisionJob
err = json.Unmarshal(job.Input, &jobData)
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
Message: fmt.Sprintf("extract job data: %s", err),
})
return
}
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore
2022-03-07 17:40:54 +00:00
resourceHistory, err := api.Database.GetWorkspaceBuildByID(r.Context(), jobData.WorkspaceBuildID)
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore
2022-03-07 17:40:54 +00:00
Message: fmt.Sprintf("get workspace build: %s", err),
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
})
return
}
// This token should only be exchanged if the instance ID is valid
// for the latest history. If an instance ID is recycled by a cloud,
// we'd hate to leak access to a user's workspace.
Spike/222 workspace build order (#1534) * chore: refactor before_id/after_id to build_number Signed-off-by: Spike Curtis <spike@coder.com> * pagination of workspace_builds Signed-off-by: Spike Curtis <spike@coder.com> * Disable parallel on postgres tests Signed-off-by: Spike Curtis <spike@coder.com> * Fix lint Signed-off-by: Spike Curtis <spike@coder.com> * Fix workspace build postgres query Signed-off-by: Spike Curtis <spike@coder.com> * Fix JS tests Signed-off-by: Spike Curtis <spike@coder.com> * Fix workspace builds postgres query Signed-off-by: Spike Curtis <spike@coder.com>
2022-05-18 16:33:33 +00:00
latestHistory, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(r.Context(), resourceHistory.WorkspaceID)
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore
2022-03-07 17:40:54 +00:00
Message: fmt.Sprintf("get latest workspace build: %s", err),
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
})
return
}
feat: add README parsing to template versions (#1500)
2022-05-17 20:00:48 +00:00
if latestHistory.ID != resourceHistory.ID {
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
feat: Add AWS instance identity authentication (#570) * feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * Fix sha256 verbosity * Fix HTTP client being exposed on auth
2022-03-28 19:31:03 +00:00
Message: fmt.Sprintf("resource found for id %q, but isn't registered on the latest history", instanceID),
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
})
return
}
chore: idea: unify http responses further (#941)
2022-04-12 15:17:33 +00:00
httpapi.Write(rw, http.StatusOK, codersdk.WorkspaceAgentAuthenticateResponse{
fix: Convert all jobs to use a common resource and agent type (#369) * ci: Update DataDog GitHub branch to fallback to GITHUB_REF This was detecting branches, but not our "main" branch before. Hopefully this fixes it! * Add basic Terraform Provider * Rename post files to upload * Add tests for resources * Skip instance identity test * Add tests for ensuring agent get's passed through properly * Fix linting errors * Add echo path * Fix agent authentication * fix: Convert all jobs to use a common resource and agent type This enables a consistent API for project import and provisioned resources.
2022-02-28 18:00:52 +00:00
SessionToken: agent.AuthToken.String(),
feat: Add agent authentication based on instance ID (#336) * feat: Add agent authentication based on instance ID Each cloud has it's own unique instance identity signatures, which can be used for zero-token authentication. This change adds support for tracking by "instance_id", and automatically authenticating with Google Cloud. * Add test for CLI * Fix workspace agent request name * Fix race with adding to wait group * Fix name of instance identity token
2022-02-21 20:36:29 +00:00
})
}