hub / github.com/coder/coder / postWorkspaceAuthAzureInstanceIdentity

Method postWorkspaceAuthAzureInstanceIdentity

coderd/workspaceresourceauth.go:32–55

Azure supports instance identity verification:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=linux#tabgroup_14

@Summary Authenticate agent on Azure instance
@ID authenticate-agent-on-azure-instance
@Security CoderSessionToken
@Accept json
@Produce js

(rw http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

30  // @Success 200 {object} agentsdk.AuthenticateResponse
31  // @Router /api/v2/workspaceagents/azure-instance-identity [post]
32  func (api *API) postWorkspaceAuthAzureInstanceIdentity(rw http.ResponseWriter, r *http.Request) {
33  	ctx := r.Context()
34  	var req agentsdk.AzureInstanceIdentityToken
35  	if !httpapi.Read(ctx, rw, r, &req) {
36  		return
37  	}
38  	instanceID, err := azureidentity.Validate(r.Context(), req.Signature, api.AzureCertificates)
39  	if err != nil {
40  		// Log the full error for operators but return only a
41  		// generic message to the caller. Errors from the
42  		// certificate fetch path may contain fragments of
43  		// internal HTTP responses, so exposing them would be
44  		// an information disclosure risk.
45  		api.Logger.Warn(ctx, "azure identity validation failed",
46  			slog.Error(err),
47  		)
48  		httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
49  			Message: "Invalid Azure identity.",
50  			Detail:  "Signature verification failed.",
51  		})
52  		return
53  	}
54  	api.handleAuthInstanceID(rw, r, instanceID, req.AgentName)
55  }
56
57  // AWS supports instance identity verification:
58  // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html

Callers

nothing calls this directly

Calls 6

handleAuthInstanceID (Method) · 0.95
Read (Function) · 0.92
Validate (Function) · 0.92
Write (Function) · 0.92
Context (Method) · 0.65
Error (Method) · 0.45

Tested by

no test coverage detected