diff --git a/docs/data-sources/workspace_owner.md b/docs/data-sources/workspace_owner.md index 1c64ea50..b2e922e2 100644 --- a/docs/data-sources/workspace_owner.md +++ b/docs/data-sources/workspace_owner.md @@ -52,6 +52,7 @@ resource "coder_env" "git_author_email" { - `id` (String) The UUID of the workspace owner. - `name` (String) The username of the user. - `oidc_access_token` (String) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string. +- `oidc_refresh_token` (String) A valid OpenID Connect refresh token of the workspace owner. Can be used to refresh access token if expired This is only available if the workspace owner authenticated with OpenID Connect. If a valid refresh token cannot be obtained, this value will be an empty string. - `session_token` (String) Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started. - `ssh_private_key` (String, Sensitive) The user's generated SSH private key. - `ssh_public_key` (String) The user's generated SSH public key. diff --git a/provider/workspace_owner.go b/provider/workspace_owner.go index 13e36187..72fbd9b7 100644 --- a/provider/workspace_owner.go +++ b/provider/workspace_owner.go @@ -52,6 +52,7 @@ func workspaceOwnerDataSource() *schema.Resource { _ = rd.Set("session_token", os.Getenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN")) _ = rd.Set("oidc_access_token", os.Getenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN")) + _ = rd.Set("oidc_refresh_token", os.Getenv("CODER_WORKSPACE_OWNER_OIDC_REFRESH_TOKEN")) return nil }, @@ -107,6 +108,13 @@ func workspaceOwnerDataSource() *schema.Resource { "This is only available if the workspace owner authenticated with OpenID Connect. " + "If a valid token cannot be obtained, this value will be an empty string.", }, + "oidc_refresh_token": { + Type: schema.TypeString, + Computed: true, + Description: "A valid OpenID Connect refresh token of the workspace owner. Can be used to refresh access token if expired " + + "This is only available if the workspace owner authenticated with OpenID Connect. " + + "If a valid refresh token cannot be obtained, this value will be an empty string.", + }, }, } } diff --git a/provider/workspace_owner_test.go b/provider/workspace_owner_test.go index 90839cfc..33c86a82 100644 --- a/provider/workspace_owner_test.go +++ b/provider/workspace_owner_test.go @@ -35,6 +35,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) { t.Setenv("CODER_WORKSPACE_OWNER_GROUPS", `["group1", "group2"]`) t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN", `supersecret`) t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN", `alsosupersecret`) + t.Setenv("CODER_WORKSPACE_OWNER_OIDC_REFRESH_TOKEN", `alsosupersecretrefresh`) resource.Test(t, resource.TestCase{ Providers: map[string]*schema.Provider{ @@ -63,6 +64,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) { assert.Equal(t, `group2`, attrs["groups.1"]) assert.Equal(t, `supersecret`, attrs["session_token"]) assert.Equal(t, `alsosupersecret`, attrs["oidc_access_token"]) + assert.Equal(t, `alsosupersecretrefresh`, attrs["oidc_refresh_token"]) return nil }, }}, @@ -80,6 +82,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) { "CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN", "CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY", "CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY", + "CODER_WORKSPACE_OWNER_OIDC_REFRESH_TOKEN", } { // https://github.com/golang/go/issues/52817 t.Setenv(v, "") os.Unsetenv(v) @@ -111,6 +114,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) { assert.Empty(t, attrs["groups.0"]) assert.Empty(t, attrs["session_token"]) assert.Empty(t, attrs["oidc_access_token"]) + assert.Empty(t, attrs["oidc_refresh_token"]) return nil }, }},