hub / github.com/coder/coder / newFixOIDCLinksCommand

Method newFixOIDCLinksCommand

cli/server_fix_oidc_links.go:22–156  ·  view source on GitHub ↗
()


20)
21
22func (r *RootCmd) newFixOIDCLinksCommand() *serpent.Command {
23 var (
24 pgURL string
25 pgAuth string
26 issuerURL string
27 dryRun bool
28 )
29 fixOIDCLinksCmd := &serpent.Command{
30 Use: "fix-oidc-links",
31 Short: "Reset OIDC linked IDs that do not match the expected issuer, allowing users to re-authenticate.",
32 Handler: func(inv *serpent.Invocation) error {
33 var (
34 ctx, cancel = inv.SignalNotifyContext(inv.Context(), StopSignals...)
35 logger = inv.Logger.AppendSinks(sloghuman.Sink(inv.Stderr))
36 )
37 if r.verbose {
38 logger = logger.Leveled(slog.LevelDebug)
39 }
40 defer cancel()
41
42 issuerURL = strings.TrimSpace(issuerURL)
43 if issuerURL == "" {
44 return xerrors.Errorf("the --%s flag is required, set it to the OIDC issuer URL (e.g. https://accounts.google.com)", "issuer-url")
45 }
46 // Resolve the canonical issuer from OIDC discovery.
47 cliui.Infof(inv.Stdout, "Resolving OIDC issuer from %q...", issuerURL)
48 // TODO: The default client might not be configured with the right certs to make this request.
49 issuer, err := authlink.ResolveIssuer(ctx, http.DefaultClient, issuerURL)
50 if err != nil {
51 return xerrors.Errorf("resolve issuer: %w", err)
52 }
53 _, _ = fmt.Fprintf(inv.Stdout, "Resolved OIDC issuer: %q\n\n", issuer)
54
55 // Connect to the database.
56 if pgURL == "" {
57 return xerrors.New("the --postgres-url flag is required")
58 }
59
60 sqlDriver := "postgres"
61 if codersdk.PostgresAuth(pgAuth) == codersdk.PostgresAuthAWSIAMRDS {
62 sqlDriver, err = awsiamrds.Register(inv.Context(), sqlDriver)
63 if err != nil {
64 return xerrors.Errorf("register aws rds iam auth: %w", err)
65 }
66 }
67
68 sqlDB, err := ConnectToPostgres(ctx, logger, sqlDriver, pgURL, nil)
69 if err != nil {
70 return xerrors.Errorf("connect to postgres: %w", err)
71 }
72 defer func() {
73 _ = sqlDB.Close()
74 }()
75 db := database.New(sqlDB)
76
77 // Run analysis.
78 analysis, err := authlink.AnalyzeOIDCLinks(ctx, db, issuer)
79 if err != nil {

Callers 1

Server (Method) · 0.95

Calls 15

Infof (Function) · 0.92
ResolveIssuer (Function) · 0.92
PostgresAuth (TypeAlias) · 0.92
Register (Function) · 0.92
New (Function) · 0.92
AnalyzeOIDCLinks (Function) · 0.92
PrintAnalysis (Function) · 0.92
Prompt (Function) · 0.92
ResetMismatchedOIDCLinks (Function) · 0.92
SkipPromptOption (Function) · 0.92
ConnectToPostgres (Function) · 0.85
MismatchedTotal (Method) · 0.80

Tested by

no test coverage detected