bug: Prebuilds agent reinitialization doesn't work if cloud identity is used #19111
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
If you use cloud identity, like Google, AWS, or Azure instance identity for your prebuilt workspace agent, then we fail to connect to the reinit endpoint, and the agent will never reinitialize after being claimed.
Relevant Log Output
t.go:106: 2025-07-31 12:23:27.369 [info] cli: stderr: 2025-07-31 12:23:27.369 [debu] cli: waiting for agent reinitialization instructions
t.go:106: 2025-07-31 12:23:27.369 [info] cli: connecting to coderd
t.go:106: 2025-07-31 12:23:27.369 [info] cli: stderr: 2025-07-31 12:23:27.369 [info] cli: connecting to coderd
t.go:106: 2025-07-31 12:23:27.369 [debu] cli: sdk request method=POST url=http://localhost:53956/api/v2/workspaceagents/google-instance-identity body=""
t.go:106: 2025-07-31 12:23:27.369 [info] cli: stderr: 2025-07-31 12:23:27.369 [debu] cli: sdk request method=POST url=http://localhost:53956/api/v2/workspaceagents/google-instance-identity body=""
t.go:106: 2025-07-31 12:23:27.369 [info] cli: http server listening addr=127.0.0.1:2113 name=debug
t.go:106: 2025-07-31 12:23:27.369 [info] cli: stderr: 2025-07-31 12:23:27.369 [info] cli: http server listening addr=127.0.0.1:2113 name=debug
t.go:106: 2025-07-31 12:23:27.369 [info] cli: http server listening addr=127.0.0.1:2112 name=prometheus
t.go:106: 2025-07-31 12:23:27.369 [info] cli: stderr: 2025-07-31 12:23:27.369 [info] cli: http server listening addr=127.0.0.1:2112 name=prometheus
t.go:106: 2025-07-31 12:23:27.369 [debu] coderd: GET host=localhost:53956 path=/api/v2/workspaceagents/me/reinit proto=HTTP/1.1 remote_addr=127.0.0.1 start="2025-07-31T16:23:27.3697711+04:00" took=0s status_code=401 latency_ms=0 request_id=03aea236-c257-4ca3-b96d-7240e1ed4d77
t.go:109: 2025-07-31 12:23:27.370 [erro] cli: failed to wait for agent reinitialization instructions error="GET http://localhost:53956/api/v2/workspaceagents/me/reinit: unexpected status code 401: Cookie \"coder_session_token\" must be provided.: Try logging in using 'coder login'."
t.go:106: 2025-07-31 12:23:27.370 [info] cli: stderr: 2025-07-31 12:23:27.370 [erro] cli: failed to wait for agent reinitialization instructions error="GET http://localhost:53956/api/v2/workspaceagents/me/reinit: unexpected status code 401: Cookie \"coder_session_token\" must be provided.: Try logging in using 'coder login'."
t.go:106: 2025-07-31 12:23:27.387 [debu] coderd: POST host=localhost:53956 path=/api/v2/workspaceagents/google-instance-identity proto=HTTP/1.1 remote_addr=127.0.0.1 start="2025-07-31T16:23:27.3703069+04:00" requestor_name=System took=17.1539ms status_code=200 latency_ms=17 request_id=df5a870a-c1a7-49fe-b1db-fa2f844a5c91
t.go:106: 2025-07-31 12:23:27.387 [debu] cli: sdk response method=POST url=http://localhost:53956/api/v2/workspaceagents/google-instance-identity status=200 body="" trace_id="" span_id=""
t.go:106: 2025-07-31 12:23:27.387 [info] cli: stderr: 2025-07-31 12:23:27.387 [debu] cli: sdk response method=POST url=http://localhost:53956/api/v2/workspaceagents/google-instance-identity status=200 body="" trace_id="" span_id=""Expected Behavior
Prebuilds should work correctly with cloud instance identity, including handling being claimed.
Steps to Reproduce
- Use cloud instance identity for your prebuild
Environment
- Host OS: all
- Coder version:
main
Additional Context
No response