From 1d04d067e4b0377b34656765111db82b2336e2e2 Mon Sep 17 00:00:00 2001
From: Kyle Carberry <kyle@carberry.com>
Date: Tue, 3 Oct 2023 14:44:58 +0000
Subject: [PATCH 1/2] feat: add `coder_external_auth` and deprecate
 `coder_git_auth`

---
 docs/data-sources/external_auth.md | 24 ++++++++++++++++
 provider/externalauth.go           | 44 ++++++++++++++++++++++++++++++
 provider/externalauth_test.go      | 44 ++++++++++++++++++++++++++++++
 provider/gitauth.go                |  3 +-
 provider/provider.go               |  9 +++---
 5 files changed, 119 insertions(+), 5 deletions(-)
 create mode 100644 docs/data-sources/external_auth.md
 create mode 100644 provider/externalauth.go
 create mode 100644 provider/externalauth_test.go

diff --git a/docs/data-sources/external_auth.md b/docs/data-sources/external_auth.md
new file mode 100644
index 00000000..19129cef
--- /dev/null
+++ b/docs/data-sources/external_auth.md
@@ -0,0 +1,24 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "coder_external_auth Data Source - terraform-provider-coder"
+subcategory: ""
+description: |-
+  Use this data source to require users to authenticate with an external provider prior to workspace creation. This can be used to pre-authenticate external services in a workspace.
+---
+
+# coder_external_auth (Data Source)
+
+Use this data source to require users to authenticate with an external provider prior to workspace creation. This can be used to pre-authenticate external services in a workspace.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The ID of a configured external auth provider set up in your Coder deployment.
+
+### Read-Only
+
+- `access_token` (String) The access token returned by the external auth provider. This can be used to pre-authenticate command-line tools.
diff --git a/provider/externalauth.go b/provider/externalauth.go
new file mode 100644
index 00000000..fafe3584
--- /dev/null
+++ b/provider/externalauth.go
@@ -0,0 +1,44 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+// externalAuthDataSource returns a schema for an external authentication data source.
+func externalAuthDataSource() *schema.Resource {
+	return &schema.Resource{
+		Description: "Use this data source to require users to authenticate with an external provider prior to workspace creation. This can be used to pre-authenticate external services in a workspace.",
+		ReadContext: func(ctx context.Context, rd *schema.ResourceData, i interface{}) diag.Diagnostics {
+			id, ok := rd.Get("id").(string)
+			if !ok || id == "" {
+				return diag.Errorf("id is required")
+			}
+			rd.SetId(id)
+
+			accessToken := os.Getenv(ExternalAuthAccessTokenEnvironmentVariable(id))
+			rd.Set("access_token", accessToken)
+			return nil
+		},
+		Schema: map[string]*schema.Schema{
+			"id": {
+				Type:        schema.TypeString,
+				Description: "The ID of a configured external auth provider set up in your Coder deployment.",
+				Required:    true,
+			},
+			"access_token": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The access token returned by the external auth provider. This can be used to pre-authenticate command-line tools.",
+			},
+		},
+	}
+}
+
+func ExternalAuthAccessTokenEnvironmentVariable(id string) string {
+	return fmt.Sprintf("CODER_EXTERNAL_AUTH_ACCESS_TOKEN_%s", id)
+}
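Review bot: The `access_token` attribute in the schema map is declared without `Sensitive: true`, so Terraform will print the token in plan/apply output and in any CI log that captures it; add `Sensitive: true,` next to `Computed: true,`. That flag only redacts CLI output and the value is still stored in state in plaintext, which the attribute's `Description` should say so that operators protect the state backend accordingly. The result of `rd.Set("access_token", accessToken)` in `ReadContext` is also discarded; `if err := rd.Set("access_token", accessToken); err != nil { return diag.FromErr(err) }` would report a failure instead of silently leaving the attribute empty. The exported `ExternalAuthAccessTokenEnvironmentVariable` has no doc comment; something like `// ExternalAuthAccessTokenEnvironmentVariable returns the name of the environment variable that holds the access token for the external auth provider with the given id.` would cover it.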
diff --git a/provider/externalauth_test.go b/provider/externalauth_test.go
new file mode 100644
index 00000000..a320684b
--- /dev/null
+++ b/provider/externalauth_test.go
@@ -0,0 +1,44 @@
+package provider_test
+
+import (
+	"testing"
+
+	"github.com/coder/terraform-provider-coder/provider"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestExternalAuth(t *testing.T) {
+	t.Parallel()
+
+	resource.Test(t, resource.TestCase{
+		Providers: map[string]*schema.Provider{
+			"coder": provider.New(),
+		},
+		IsUnitTest: true,
+		Steps: []resource.TestStep{{
+			Config: `
+			provider "coder" {
+			}
+			data "coder_external_auth" "github" {
+				id = "github"
+			}
+			`,
+			Check: func(state *terraform.State) error {
+				require.Len(t, state.Modules, 1)
+				require.Len(t, state.Modules[0].Resources, 1)
+				resource := state.Modules[0].Resources["data.coder_external_auth.github"]
+				require.NotNil(t, resource)
+
+				attribs := resource.Primary.Attributes
+				require.Equal(t, "github", attribs["id"])
+
+				return nil
+			},
+		}},
+	})
+}
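Review bot: The `Check` function asserts only `attribs["id"]`, so the environment lookup that fills `access_token` is never exercised and a wrong variable name or a dropped `rd.Set` would still pass. Set the variable before `resource.Test` with a constructed value, `t.Setenv(provider.ExternalAuthAccessTokenEnvironmentVariable("github"), "test-token")`, and add `require.Equal(t, "test-token", attribs["access_token"])`. `t.Setenv` panics in a test that has called `t.Parallel()`, so that call would have to be removed from this test.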
diff --git a/provider/gitauth.go b/provider/gitauth.go
index d5cf9a85..aa36d493 100644
--- a/provider/gitauth.go
+++ b/provider/gitauth.go
@@ -12,7 +12,8 @@ import (
 // gitAuthDataSource returns a schema for a Git authentication data source.
 func gitAuthDataSource() *schema.Resource {
 	return &schema.Resource{
-		Description: "Use this data source to require users to authenticate with a Git provider prior to workspace creation. This can be used to perform an authenticated `git clone` in startup scripts.",
+		DeprecationMessage: "Use the `coder_external_auth` data source instead.",
+		Description:        "Use this data source to require users to authenticate with a Git provider prior to workspace creation. This can be used to perform an authenticated `git clone` in startup scripts.",
 		ReadContext: func(ctx context.Context, rd *schema.ResourceData, i interface{}) diag.Diagnostics {
 			rawID, ok := rd.GetOk("id")
 			if !ok {
diff --git a/provider/provider.go b/provider/provider.go
index 9ea6685b..6556146e 100644
--- a/provider/provider.go
+++ b/provider/provider.go
@@ -68,10 +68,11 @@ func New() *schema.Provider {
 			}, nil
 		},
 		DataSourcesMap: map[string]*schema.Resource{
-			"coder_workspace":   workspaceDataSource(),
-			"coder_provisioner": provisionerDataSource(),
-			"coder_parameter":   parameterDataSource(),
-			"coder_git_auth":    gitAuthDataSource(),
+			"coder_workspace":     workspaceDataSource(),
+			"coder_provisioner":   provisionerDataSource(),
+			"coder_parameter":     parameterDataSource(),
+			"coder_git_auth":      gitAuthDataSource(),
+			"coder_external_auth": externalAuthDataSource(),
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"coder_agent":          agentResource(),

From d34cc7351bc642cc37c365b8c7e4f26cd8fd632d Mon Sep 17 00:00:00 2001
From: Kyle Carberry <kyle@carberry.com>
Date: Tue, 3 Oct 2023 15:02:01 +0000
Subject: [PATCH 2/2] Improve docs

---
 docs/data-sources/external_auth.md | 4 ++--
 provider/externalauth.go           | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/data-sources/external_auth.md b/docs/data-sources/external_auth.md
index 19129cef..b875b874 100644
--- a/docs/data-sources/external_auth.md
+++ b/docs/data-sources/external_auth.md
@@ -3,12 +3,12 @@
 page_title: "coder_external_auth Data Source - terraform-provider-coder"
 subcategory: ""
 description: |-
-  Use this data source to require users to authenticate with an external provider prior to workspace creation. This can be used to pre-authenticate external services in a workspace.
+  Use this data source to require users to authenticate with an external service prior to workspace creation. This can be used to pre-authenticate external services in a workspace. (e.g. gcloud, gh, docker, etc)
 ---
 
 # coder_external_auth (Data Source)
 
-Use this data source to require users to authenticate with an external provider prior to workspace creation. This can be used to pre-authenticate external services in a workspace.
+Use this data source to require users to authenticate with an external service prior to workspace creation. This can be used to pre-authenticate external services in a workspace. (e.g. gcloud, gh, docker, etc)
 
 
 
diff --git a/provider/externalauth.go b/provider/externalauth.go
index fafe3584..89ab5ecc 100644
--- a/provider/externalauth.go
+++ b/provider/externalauth.go
@@ -12,7 +12,7 @@ import (
 // externalAuthDataSource returns a schema for an external authentication data source.
 func externalAuthDataSource() *schema.Resource {
 	return &schema.Resource{
-		Description: "Use this data source to require users to authenticate with an external provider prior to workspace creation. This can be used to pre-authenticate external services in a workspace.",
+		Description: "Use this data source to require users to authenticate with an external service prior to workspace creation. This can be used to pre-authenticate external services in a workspace. (e.g. gcloud, gh, docker, etc)",
 		ReadContext: func(ctx context.Context, rd *schema.ResourceData, i interface{}) diag.Diagnostics {
 			id, ok := rd.Get("id").(string)
 			if !ok || id == "" {
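Review bot: The new `Description` string closes the sentence with a period and then appends a dangling parenthetical, `... in a workspace. (e.g. gcloud, gh, docker, etc)`; fold it into the sentence, for example `... pre-authenticate external services in a workspace (e.g. gcloud, gh, docker).`. The same text is generated into docs/data-sources/external_auth.md, so correcting it here and regenerating fixes both places. The function body continues outside this hunk.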