publicWagsHome
/
modules
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Merge branch 'main' into maa/lint-version

Browse Source
pull/301/head
Muhammad Atif Ali 10 months ago committed by GitHub
parent 455b113058 fb81c8969f
commit 264809fe0f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
22 changed files with 787 additions and 184 deletions
Show Stats Download Patch File Download Diff File

3
filebrowser/README.md
Unescape Escape View File

@ -16,7 +16,6 @@ module "filebrowser" {
source = "registry.coder.com/modules/filebrowser/coder" source = "registry.coder.com/modules/filebrowser/coder"
version = "1.0.18" version = "1.0.18"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
agent_name = "main"
} }
``` ```
@ -31,7 +30,6 @@ module "filebrowser" {
source = "registry.coder.com/modules/filebrowser/coder" source = "registry.coder.com/modules/filebrowser/coder"
version = "1.0.18" version = "1.0.18"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
agent_name = "main"
folder = "/home/coder/project" folder = "/home/coder/project"
} }
``` ```
@ -43,7 +41,6 @@ module "filebrowser" {
source = "registry.coder.com/modules/filebrowser/coder" source = "registry.coder.com/modules/filebrowser/coder"
version = "1.0.18" version = "1.0.18"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
agent_name = "main"
database_path = ".config/filebrowser.db" database_path = ".config/filebrowser.db"
} }
``` ```

5
filebrowser/main.test.ts
Unescape Escape View File

@ -11,13 +11,11 @@ describe("filebrowser", async () => {
testRequiredVariables(import.meta.dir, { testRequiredVariables(import.meta.dir, {
agent_id: "foo", agent_id: "foo",
agent_name: "main",
}); });
it("fails with wrong database_path", async () => { it("fails with wrong database_path", async () => {
const state = await runTerraformApply(import.meta.dir, { const state = await runTerraformApply(import.meta.dir, {
agent_id: "foo", agent_id: "foo",
agent_name: "main",
database_path: "nofb", database_path: "nofb",
}).catch((e) => { }).catch((e) => {
if (!e.message.startsWith("\nError: Invalid value for variable")) { if (!e.message.startsWith("\nError: Invalid value for variable")) {
@ -29,7 +27,6 @@ describe("filebrowser", async () => {
it("runs with default", async () => { it("runs with default", async () => {
const state = await runTerraformApply(import.meta.dir, { const state = await runTerraformApply(import.meta.dir, {
agent_id: "foo", agent_id: "foo",
agent_name: "main",
}); });
const output = await executeScriptInContainer(state, "alpine"); const output = await executeScriptInContainer(state, "alpine");
expect(output.exitCode).toBe(0); expect(output.exitCode).toBe(0);
@ -51,7 +48,6 @@ describe("filebrowser", async () => {
it("runs with database_path var", async () => { it("runs with database_path var", async () => {
const state = await runTerraformApply(import.meta.dir, { const state = await runTerraformApply(import.meta.dir, {
agent_id: "foo", agent_id: "foo",
agent_name: "main",
database_path: ".config/filebrowser.db", database_path: ".config/filebrowser.db",
}); });
const output = await executeScriptInContainer(state, "alpine"); const output = await executeScriptInContainer(state, "alpine");
@ -74,7 +70,6 @@ describe("filebrowser", async () => {
it("runs with folder var", async () => { it("runs with folder var", async () => {
const state = await runTerraformApply(import.meta.dir, { const state = await runTerraformApply(import.meta.dir, {
agent_id: "foo", agent_id: "foo",
agent_name: "main",
folder: "/home/coder/project", folder: "/home/coder/project",
}); });
const output = await executeScriptInContainer(state, "alpine"); const output = await executeScriptInContainer(state, "alpine");

6
filebrowser/main.tf
Unescape Escape View File

@ -21,6 +21,12 @@ data "coder_workspace_owner" "me" {}
variable "agent_name" { variable "agent_name" {
type = string type = string
description = "The name of the main deployment. (Used to build the subpath for coder_app.)" description = "The name of the main deployment. (Used to build the subpath for coder_app.)"
default = ""
validation {
# If subdomain is false, then agent_name must be set.
condition = var.subdomain || var.agent_name != ""
error_message = "The agent_name must be set."
}
} }
variable "database_path" { variable "database_path" {

5
jfrog-oauth/.npmrc.tftpl
Unescape Escape View File

@ -0,0 +1,5 @@
email=${ARTIFACTORY_EMAIL}
%{ for REPO in REPOS ~}
${REPO.SCOPE}registry=${JFROG_URL}/artifactory/api/npm/${REPO.NAME}
//${JFROG_HOST}/artifactory/api/npm/${REPO.NAME}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}
%{ endfor ~}

21
jfrog-oauth/README.md
Unescape Escape View File

@ -17,15 +17,16 @@ Install the JF CLI and authenticate package managers with Artifactory using OAut
```tf ```tf
module "jfrog" { module "jfrog" {
source = "registry.coder.com/modules/jfrog-oauth/coder" source = "registry.coder.com/modules/jfrog-oauth/coder"
version = "1.0.15" version = "1.0.19"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://example.jfrog.io" jfrog_url = "https://example.jfrog.io"
username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
package_managers = { package_managers = {
"npm" : "npm", npm = ["npm", "@scoped:npm-scoped"]
"go" : "go", go = ["go", "another-go-repo"]
"pypi" : "pypi" pypi = ["pypi", "extra-index-pypi"]
docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
} }
} }
``` ```
@ -44,13 +45,13 @@ Configure the Python pip package manager to fetch packages from Artifactory whil
```tf ```tf
module "jfrog" { module "jfrog" {
source = "registry.coder.com/modules/jfrog-oauth/coder" source = "registry.coder.com/modules/jfrog-oauth/coder"
version = "1.0.15" version = "1.0.19"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://example.jfrog.io" jfrog_url = "https://example.jfrog.io"
username_field = "email" username_field = "email"
package_managers = { package_managers = {
"pypi" : "pypi" pypi = ["pypi"]
} }
} }
``` ```
@ -72,15 +73,15 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
```tf ```tf
module "jfrog" { module "jfrog" {
source = "registry.coder.com/modules/jfrog-oauth/coder" source = "registry.coder.com/modules/jfrog-oauth/coder"
version = "1.0.15" version = "1.0.19"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://example.jfrog.io" jfrog_url = "https://example.jfrog.io"
username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
configure_code_server = true # Add JFrog extension configuration for code-server configure_code_server = true # Add JFrog extension configuration for code-server
package_managers = { package_managers = {
"npm" : "npm", npm = ["npm"]
"go" : "go", go = ["go"]
"pypi" : "pypi" pypi = ["pypi"]
} }
} }
``` ```

124
jfrog-oauth/main.test.ts
Unescape Escape View File

@ -1,19 +1,129 @@
import { serve } from "bun"; import { describe, expect, it } from "bun:test";
import { describe } from "bun:test";
import { import {
createJSONResponse, findResourceInstance,
runTerraformInit, runTerraformInit,
runTerraformApply,
testRequiredVariables, testRequiredVariables,
} from "../test"; } from "../test";
describe("jfrog-oauth", async () => { describe("jfrog-oauth", async () => {
type TestVariables = {
agent_id: string;
jfrog_url: string;
package_managers: string;
username_field?: string;
jfrog_server_id?: string;
external_auth_id?: string;
configure_code_server?: boolean;
};
await runTerraformInit(import.meta.dir); await runTerraformInit(import.meta.dir);
testRequiredVariables(import.meta.dir, { const fakeFrogApi = "localhost:8081/artifactory/api";
const fakeFrogUrl = "http://localhost:8081";
const user = "default";
it("can run apply with required variables", async () => {
testRequiredVariables<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id", agent_id: "some-agent-id",
jfrog_url: "http://localhost:8081", jfrog_url: fakeFrogUrl,
package_managers: "{}", package_managers: "{}",
}); });
}); });
it("generates an npmrc with scoped repos", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
package_managers: JSON.stringify({
npm: ["global", "@foo:foo", "@bar:bar"],
}),
});
const coderScript = findResourceInstance(state, "coder_script");
const npmrcStanza = `cat << EOF > ~/.npmrc
email=${user}@example.com
registry=http://${fakeFrogApi}/npm/global
//${fakeFrogApi}/npm/global/:_authToken=
@foo:registry=http://${fakeFrogApi}/npm/foo
//${fakeFrogApi}/npm/foo/:_authToken=
@bar:registry=http://${fakeFrogApi}/npm/bar
//${fakeFrogApi}/npm/bar/:_authToken=
EOF`;
expect(coderScript.script).toContain(npmrcStanza);
expect(coderScript.script).toContain(
'jf npmc --global --repo-resolve "global"',
);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured npm',
);
});
it("generates a pip config with extra-indexes", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
package_managers: JSON.stringify({
pypi: ["global", "foo", "bar"],
}),
});
const coderScript = findResourceInstance(state, "coder_script");
const pipStanza = `cat << EOF > ~/.pip/pip.conf
[global]
index-url = https://${user}:@${fakeFrogApi}/pypi/global/simple
extra-index-url =
https://${user}:@${fakeFrogApi}/pypi/foo/simple
https://${user}:@${fakeFrogApi}/pypi/bar/simple
EOF`;
expect(coderScript.script).toContain(pipStanza);
expect(coderScript.script).toContain(
'jf pipc --global --repo-resolve "global"',
);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured pypi',
);
});
it("registers multiple docker repos", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
package_managers: JSON.stringify({
docker: ["foo.jfrog.io", "bar.jfrog.io", "baz.jfrog.io"],
}),
});
const coderScript = findResourceInstance(state, "coder_script");
const dockerStanza = ["foo", "bar", "baz"]
.map((r) => `register_docker "${r}.jfrog.io"`)
.join("\n");
expect(coderScript.script).toContain(dockerStanza);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured docker',
);
});
it("sets goproxy with multiple repos", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
package_managers: JSON.stringify({
go: ["foo", "bar", "baz"],
}),
});
const proxyEnv = findResourceInstance(state, "coder_env", "goproxy");
const proxies = ["foo", "bar", "baz"]
.map((r) => `https://${user}:@${fakeFrogApi}/go/${r}`)
.join(",");
expect(proxyEnv["value"]).toEqual(proxies);
//TODO add more tests const coderScript = findResourceInstance(state, "coder_script");
expect(coderScript.script).toContain(
'jf goc --global --repo-resolve "foo"',
);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured go',
);
});
});

84
jfrog-oauth/main.tf
Unescape Escape View File

@ -53,23 +53,51 @@ variable "configure_code_server" {
} }
variable "package_managers" { variable "package_managers" {
type = map(string) type = object({
description = <<EOF npm = optional(list(string), [])
A map of package manager names to their respective artifactory repositories. go = optional(list(string), [])
For example: pypi = optional(list(string), [])
docker = optional(list(string), [])
})
description = <<-EOF
A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
For example:
{ {
"npm": "YOUR_NPM_REPO_KEY", npm = ["GLOBAL_NPM_REPO_KEY", "@SCOPED:NPM_REPO_KEY"]
"go": "YOUR_GO_REPO_KEY", go = ["YOUR_GO_REPO_KEY", "ANOTHER_GO_REPO_KEY"]
"pypi": "YOUR_PYPI_REPO_KEY", pypi = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
"docker": "YOUR_DOCKER_REPO_KEY" docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
} }
EOF EOF
} }
locals { locals {
# The username field to use for artifactory # The username field to use for artifactory
username = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name username = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
jfrog_host = replace(var.jfrog_url, "https://", "") jfrog_host = split("://", var.jfrog_url)[1]
common_values = {
JFROG_URL = var.jfrog_url
JFROG_HOST = local.jfrog_host
JFROG_SERVER_ID = var.jfrog_server_id
ARTIFACTORY_USERNAME = local.username
ARTIFACTORY_EMAIL = data.coder_workspace_owner.me.email
ARTIFACTORY_ACCESS_TOKEN = data.coder_external_auth.jfrog.access_token
}
npmrc = templatefile(
"${path.module}/.npmrc.tftpl",
merge(
local.common_values,
{
REPOS = [
for r in var.package_managers.npm :
strcontains(r, ":") ? zipmap(["SCOPE", "NAME"], ["${split(":", r)[0]}:", split(":", r)[1]]) : { SCOPE = "", NAME = r }
]
}
)
)
pip_conf = templatefile(
"${path.module}/pip.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.pypi })
)
} }
data "coder_workspace" "me" {} data "coder_workspace" "me" {}
@ -83,19 +111,22 @@ resource "coder_script" "jfrog" {
agent_id = var.agent_id agent_id = var.agent_id
display_name = "jfrog" display_name = "jfrog"
icon = "/icon/jfrog.svg" icon = "/icon/jfrog.svg"
script = templatefile("${path.module}/run.sh", { script = templatefile("${path.module}/run.sh", merge(
JFROG_URL : var.jfrog_url, local.common_values,
JFROG_HOST : local.jfrog_host, {
JFROG_SERVER_ID : var.jfrog_server_id, CONFIGURE_CODE_SERVER = var.configure_code_server
ARTIFACTORY_USERNAME : local.username, HAS_NPM = length(var.package_managers.npm) == 0 ? "" : "YES"
ARTIFACTORY_EMAIL : data.coder_workspace_owner.me.email, NPMRC = local.npmrc
ARTIFACTORY_ACCESS_TOKEN : data.coder_external_auth.jfrog.access_token, REPOSITORY_NPM = try(element(var.package_managers.npm, 0), "")
CONFIGURE_CODE_SERVER : var.configure_code_server, HAS_GO = length(var.package_managers.go) == 0 ? "" : "YES"
REPOSITORY_NPM : lookup(var.package_managers, "npm", ""), REPOSITORY_GO = try(element(var.package_managers.go, 0), "")
REPOSITORY_GO : lookup(var.package_managers, "go", ""), HAS_PYPI = length(var.package_managers.pypi) == 0 ? "" : "YES"
REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""), PIP_CONF = local.pip_conf
REPOSITORY_DOCKER : lookup(var.package_managers, "docker", ""), REPOSITORY_PYPI = try(element(var.package_managers.pypi, 0), "")
}) HAS_DOCKER = length(var.package_managers.docker) == 0 ? "" : "YES"
REGISTER_DOCKER = join("\n", formatlist("register_docker \"%s\"", var.package_managers.docker))
}
))
run_on_start = true run_on_start = true
} }
@ -121,10 +152,13 @@ resource "coder_env" "jfrog_ide_store_connection" {
} }
resource "coder_env" "goproxy" { resource "coder_env" "goproxy" {
count = lookup(var.package_managers, "go", "") == "" ? 0 : 1 count = length(var.package_managers.go) == 0 ? 0 : 1
agent_id = var.agent_id agent_id = var.agent_id
name = "GOPROXY" name = "GOPROXY"
value = "https://${local.username}:${data.coder_external_auth.jfrog.access_token}@${local.jfrog_host}/artifactory/api/go/${lookup(var.package_managers, "go", "")}" value = join(",", [
for repo in var.package_managers.go :
"https://${local.username}:${data.coder_external_auth.jfrog.access_token}@${local.jfrog_host}/artifactory/api/go/${repo}"
])
} }
output "access_token" { output "access_token" {

6
jfrog-oauth/pip.conf.tftpl
Unescape Escape View File

@ -0,0 +1,6 @@
[global]
index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${try(element(REPOS, 0), "")}/simple
extra-index-url =
%{ for REPO in try(slice(REPOS, 1, length(REPOS)), []) ~}
https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPO}/simple
%{ endfor ~}

61
jfrog-oauth/run.sh
Unescape Escape View File

@ -2,6 +2,21 @@
BOLD='\033[0;1m' BOLD='\033[0;1m'
not_configured() {
type=$1
echo "🤔 no $type repository is set, skipping $type configuration."
echo "You can configure a $type repository by providing a key for '$type' in the 'package_managers' input."
}
config_complete() {
echo "🥳 Configuration complete!"
}
register_docker() {
repo=$1
echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login "$repo" --username ${ARTIFACTORY_USERNAME} --password-stdin
}
# check if JFrog CLI is already installed # check if JFrog CLI is already installed
if command -v jf > /dev/null 2>&1; then if command -v jf > /dev/null 2>&1; then
echo "✅ JFrog CLI is already installed, skipping installation." echo "✅ JFrog CLI is already installed, skipping installation."
@ -20,52 +35,47 @@ echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFRO
jf c use "${JFROG_SERVER_ID}" jf c use "${JFROG_SERVER_ID}"
# Configure npm to use the Artifactory "npm" repository. # Configure npm to use the Artifactory "npm" repository.
if [ -z "${REPOSITORY_NPM}" ]; then if [ -z "${HAS_NPM}" ]; then
echo "🤔 no npm repository is set, skipping npm configuration." not_configured npm
echo "You can configure an npm repository by providing the a key for 'npm' in the 'package_managers' input."
else else
echo "📦 Configuring npm..." echo "📦 Configuring npm..."
jf npmc --global --repo-resolve "${REPOSITORY_NPM}" jf npmc --global --repo-resolve "${REPOSITORY_NPM}"
cat << EOF > ~/.npmrc cat << EOF > ~/.npmrc
email=${ARTIFACTORY_EMAIL} ${NPMRC}
registry=${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
EOF EOF
echo "//${JFROG_HOST}/artifactory/api/npm/${REPOSITORY_NPM}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}" >> ~/.npmrc config_complete
fi fi
# Configure the `pip` to use the Artifactory "python" repository. # Configure the `pip` to use the Artifactory "python" repository.
if [ -z "${REPOSITORY_PYPI}" ]; then if [ -z "${HAS_PYPI}" ]; then
echo "🤔 no pypi repository is set, skipping pip configuration." not_configured pypi
echo "You can configure a pypi repository by providing the a key for 'pypi' in the 'package_managers' input."
else else
echo "📦 Configuring pip..." echo "🐍 Configuring pip..."
jf pipc --global --repo-resolve "${REPOSITORY_PYPI}" jf pipc --global --repo-resolve "${REPOSITORY_PYPI}"
mkdir -p ~/.pip mkdir -p ~/.pip
cat << EOF > ~/.pip/pip.conf cat << EOF > ~/.pip/pip.conf
[global] ${PIP_CONF}
index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
EOF EOF
config_complete
fi fi
# Configure Artifactory "go" repository. # Configure Artifactory "go" repository.
if [ -z "${REPOSITORY_GO}" ]; then if [ -z "${HAS_GO}" ]; then
echo "🤔 no go repository is set, skipping go configuration." not_configured go
echo "You can configure a go repository by providing the a key for 'go' in the 'package_managers' input."
else else
echo "🐹 Configuring go..." echo "🐹 Configuring go..."
jf goc --global --repo-resolve "${REPOSITORY_GO}" jf goc --global --repo-resolve "${REPOSITORY_GO}"
config_complete
fi fi
echo "🥳 Configuration complete!"
# Configure the JFrog CLI to use the Artifactory "docker" repository. # Configure the JFrog CLI to use the Artifactory "docker" repository.
if [ -z "${REPOSITORY_DOCKER}" ]; then if [ -z "${HAS_DOCKER}" ]; then
echo "🤔 no docker repository is set, skipping docker configuration." not_configured docker
echo "You can configure a docker repository by providing the a key for 'docker' in the 'package_managers' input."
else else
if command -v docker > /dev/null 2>&1; then if command -v docker > /dev/null 2>&1; then
echo "🔑 Configuring 🐳 docker credentials..." echo "🔑 Configuring 🐳 docker credentials..."
mkdir -p ~/.docker mkdir -p ~/.docker
echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login ${JFROG_HOST} --username ${ARTIFACTORY_USERNAME} --password-stdin ${REGISTER_DOCKER}
else else
echo "🤔 no docker is installed, skipping docker configuration." echo "🤔 no docker is installed, skipping docker configuration."
fi fi
@ -96,20 +106,19 @@ echo "📦 Configuring JFrog CLI completion..."
SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}') SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}')
# Generate the completion script # Generate the completion script
jf completion $SHELLNAME --install jf completion $SHELLNAME --install
begin_stanza="# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)"
# Add the completion script to the user's shell profile # Add the completion script to the user's shell profile
if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then
if ! grep -q "# jf CLI shell completion" ~/.bashrc; then if ! grep -q "$begin_stanza" ~/.bashrc; then
echo "" >> ~/.bashrc printf "%s\n" "$begin_stanza" >> ~/.bashrc
echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)" >> ~/.bashrc
echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc
echo "# END: jf CLI shell completion" >> ~/.bashrc echo "# END: jf CLI shell completion" >> ~/.bashrc
else else
echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping." echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping."
fi fi
elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then
if ! grep -q "# jf CLI shell completion" ~/.zshrc; then if ! grep -q "$begin_stanza" ~/.zshrc; then
echo "" >> ~/.zshrc printf "\n%s\n" "$begin_stanza" >> ~/.zshrc
echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)" >> ~/.zshrc
echo "autoload -Uz compinit" >> ~/.zshrc echo "autoload -Uz compinit" >> ~/.zshrc
echo "compinit" >> ~/.zshrc echo "compinit" >> ~/.zshrc
echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc

5
jfrog-token/.npmrc.tftpl
Unescape Escape View File

@ -0,0 +1,5 @@
email=${ARTIFACTORY_EMAIL}
%{ for REPO in REPOS ~}
${REPO.SCOPE}registry=${JFROG_URL}/artifactory/api/npm/${REPO.NAME}
//${JFROG_HOST}/artifactory/api/npm/${REPO.NAME}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}
%{ endfor ~}

31
jfrog-token/README.md
Unescape Escape View File

@ -15,14 +15,15 @@ Install the JF CLI and authenticate package managers with Artifactory using Arti
```tf ```tf
module "jfrog" { module "jfrog" {
source = "registry.coder.com/modules/jfrog-token/coder" source = "registry.coder.com/modules/jfrog-token/coder"
version = "1.0.15" version = "1.0.19"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://XXXX.jfrog.io" jfrog_url = "https://XXXX.jfrog.io"
artifactory_access_token = var.artifactory_access_token artifactory_access_token = var.artifactory_access_token
package_managers = { package_managers = {
"npm" : "npm", npm = ["npm", "@scoped:npm-scoped"]
"go" : "go", go = ["go", "another-go-repo"]
"pypi" : "pypi" pypi = ["pypi", "extra-index-pypi"]
docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
} }
} }
``` ```
@ -41,14 +42,14 @@ For detailed instructions, please see this [guide](https://coder.com/docs/v2/lat
```tf ```tf
module "jfrog" { module "jfrog" {
source = "registry.coder.com/modules/jfrog-token/coder" source = "registry.coder.com/modules/jfrog-token/coder"
version = "1.0.15" version = "1.0.19"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://YYYY.jfrog.io" jfrog_url = "https://YYYY.jfrog.io"
artifactory_access_token = var.artifactory_access_token # An admin access token artifactory_access_token = var.artifactory_access_token # An admin access token
package_managers = { package_managers = {
"npm" : "npm-local", npm = ["npm-local"]
"go" : "go-local", go = ["go-local"]
"pypi" : "pypi-local" pypi = ["pypi-local"]
} }
} }
``` ```
@ -74,15 +75,15 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
```tf ```tf
module "jfrog" { module "jfrog" {
source = "registry.coder.com/modules/jfrog-token/coder" source = "registry.coder.com/modules/jfrog-token/coder"
version = "1.0.15" version = "1.0.19"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://XXXX.jfrog.io" jfrog_url = "https://XXXX.jfrog.io"
artifactory_access_token = var.artifactory_access_token artifactory_access_token = var.artifactory_access_token
configure_code_server = true # Add JFrog extension configuration for code-server configure_code_server = true # Add JFrog extension configuration for code-server
package_managers = { package_managers = {
"npm" : "npm", npm = ["npm"]
"go" : "go", go = ["go"]
"pypi" : "pypi" pypi = ["pypi"]
} }
} }
``` ```
@ -94,15 +95,13 @@ data "coder_workspace" "me" {}
module "jfrog" { module "jfrog" {
source = "registry.coder.com/modules/jfrog-token/coder" source = "registry.coder.com/modules/jfrog-token/coder"
version = "1.0.15" version = "1.0.19"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://XXXX.jfrog.io" jfrog_url = "https://XXXX.jfrog.io"
artifactory_access_token = var.artifactory_access_token artifactory_access_token = var.artifactory_access_token
token_description = "Token for Coder workspace: ${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}" token_description = "Token for Coder workspace: ${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}"
package_managers = { package_managers = {
"npm" : "npm", npm = ["npm"]
"go" : "go",
"pypi" : "pypi"
} }
} }
``` ```

129
jfrog-token/main.test.ts
Unescape Escape View File

@ -1,12 +1,29 @@
import { serve } from "bun"; import { serve } from "bun";
import { describe } from "bun:test"; import { describe, expect, it } from "bun:test";
import { import {
createJSONResponse, createJSONResponse,
findResourceInstance,
runTerraformInit, runTerraformInit,
runTerraformApply,
testRequiredVariables, testRequiredVariables,
} from "../test"; } from "../test";
describe("jfrog-token", async () => { describe("jfrog-token", async () => {
type TestVariables = {
agent_id: string;
jfrog_url: string;
artifactory_access_token: string;
package_managers: string;
token_description?: string;
check_license?: boolean;
refreshable?: boolean;
expires_in?: number;
username_field?: string;
jfrog_server_id?: string;
configure_code_server?: boolean;
};
await runTerraformInit(import.meta.dir); await runTerraformInit(import.meta.dir);
// Run a fake JFrog server so the provider can initialize // Run a fake JFrog server so the provider can initialize
@ -32,10 +49,116 @@ describe("jfrog-token", async () => {
port: 0, port: 0,
}); });
testRequiredVariables(import.meta.dir, { const fakeFrogApi = `${fakeFrogHost.hostname}:${fakeFrogHost.port}/artifactory/api`;
const fakeFrogUrl = `http://${fakeFrogHost.hostname}:${fakeFrogHost.port}`;
const user = "default";
const token = "xxx";
it("can run apply with required variables", async () => {
testRequiredVariables<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id", agent_id: "some-agent-id",
jfrog_url: "http://" + fakeFrogHost.hostname + ":" + fakeFrogHost.port, jfrog_url: fakeFrogUrl,
artifactory_access_token: "XXXX", artifactory_access_token: "XXXX",
package_managers: "{}", package_managers: "{}",
}); });
});
it("generates an npmrc with scoped repos", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
artifactory_access_token: "XXXX",
package_managers: JSON.stringify({
npm: ["global", "@foo:foo", "@bar:bar"],
}),
});
const coderScript = findResourceInstance(state, "coder_script");
const npmrcStanza = `cat << EOF > ~/.npmrc
email=${user}@example.com
registry=http://${fakeFrogApi}/npm/global
//${fakeFrogApi}/npm/global/:_authToken=xxx
@foo:registry=http://${fakeFrogApi}/npm/foo
//${fakeFrogApi}/npm/foo/:_authToken=xxx
@bar:registry=http://${fakeFrogApi}/npm/bar
//${fakeFrogApi}/npm/bar/:_authToken=xxx
EOF`;
expect(coderScript.script).toContain(npmrcStanza);
expect(coderScript.script).toContain(
'jf npmc --global --repo-resolve "global"',
);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured npm',
);
});
it("generates a pip config with extra-indexes", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
artifactory_access_token: "XXXX",
package_managers: JSON.stringify({
pypi: ["global", "foo", "bar"],
}),
});
const coderScript = findResourceInstance(state, "coder_script");
const pipStanza = `cat << EOF > ~/.pip/pip.conf
[global]
index-url = https://${user}:${token}@${fakeFrogApi}/pypi/global/simple
extra-index-url =
https://${user}:${token}@${fakeFrogApi}/pypi/foo/simple
https://${user}:${token}@${fakeFrogApi}/pypi/bar/simple
EOF`;
expect(coderScript.script).toContain(pipStanza);
expect(coderScript.script).toContain(
'jf pipc --global --repo-resolve "global"',
);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured pypi',
);
});
it("registers multiple docker repos", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
artifactory_access_token: "XXXX",
package_managers: JSON.stringify({
docker: ["foo.jfrog.io", "bar.jfrog.io", "baz.jfrog.io"],
}),
});
const coderScript = findResourceInstance(state, "coder_script");
const dockerStanza = ["foo", "bar", "baz"]
.map((r) => `register_docker "${r}.jfrog.io"`)
.join("\n");
expect(coderScript.script).toContain(dockerStanza);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured docker',
);
});
it("sets goproxy with multiple repos", async () => {
const state = await runTerraformApply<TestVariables>(import.meta.dir, {
agent_id: "some-agent-id",
jfrog_url: fakeFrogUrl,
artifactory_access_token: "XXXX",
package_managers: JSON.stringify({
go: ["foo", "bar", "baz"],
}),
});
const proxyEnv = findResourceInstance(state, "coder_env", "goproxy");
const proxies = ["foo", "bar", "baz"]
.map((r) => `https://${user}:${token}@${fakeFrogApi}/go/${r}`)
.join(",");
expect(proxyEnv["value"]).toEqual(proxies);
const coderScript = findResourceInstance(state, "coder_script");
expect(coderScript.script).toContain(
'jf goc --global --repo-resolve "foo"',
);
expect(coderScript.script).toContain(
'if [ -z "YES" ]; then\n not_configured go',
);
});
}); });

84
jfrog-token/main.tf
Unescape Escape View File

@ -80,23 +80,51 @@ variable "configure_code_server" {
} }
variable "package_managers" { variable "package_managers" {
type = map(string) type = object({
description = <<EOF npm = optional(list(string), [])
A map of package manager names to their respective artifactory repositories. go = optional(list(string), [])
For example: pypi = optional(list(string), [])
docker = optional(list(string), [])
})
description = <<-EOF
A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
For example:
{ {
"npm": "YOUR_NPM_REPO_KEY", npm = ["GLOBAL_NPM_REPO_KEY", "@SCOPED:NPM_REPO_KEY"]
"go": "YOUR_GO_REPO_KEY", go = ["YOUR_GO_REPO_KEY", "ANOTHER_GO_REPO_KEY"]
"pypi": "YOUR_PYPI_REPO_KEY", pypi = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
"docker": "YOUR_DOCKER_REPO_KEY" docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
} }
EOF EOF
} }
locals { locals {
# The username field to use for artifactory # The username field to use for artifactory
username = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name username = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
jfrog_host = replace(var.jfrog_url, "https://", "") jfrog_host = split("://", var.jfrog_url)[1]
common_values = {
JFROG_URL = var.jfrog_url
JFROG_HOST = local.jfrog_host
JFROG_SERVER_ID = var.jfrog_server_id
ARTIFACTORY_USERNAME = local.username
ARTIFACTORY_EMAIL = data.coder_workspace_owner.me.email
ARTIFACTORY_ACCESS_TOKEN = artifactory_scoped_token.me.access_token
}
npmrc = templatefile(
"${path.module}/.npmrc.tftpl",
merge(
local.common_values,
{
REPOS = [
for r in var.package_managers.npm :
strcontains(r, ":") ? zipmap(["SCOPE", "NAME"], ["${split(":", r)[0]}:", split(":", r)[1]]) : { SCOPE = "", NAME = r }
]
}
)
)
pip_conf = templatefile(
"${path.module}/pip.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.pypi })
)
} }
# Configure the Artifactory provider # Configure the Artifactory provider
@ -123,19 +151,22 @@ resource "coder_script" "jfrog" {
agent_id = var.agent_id agent_id = var.agent_id
display_name = "jfrog" display_name = "jfrog"
icon = "/icon/jfrog.svg" icon = "/icon/jfrog.svg"
script = templatefile("${path.module}/run.sh", { script = templatefile("${path.module}/run.sh", merge(
JFROG_URL : var.jfrog_url, local.common_values,
JFROG_HOST : local.jfrog_host, {
JFROG_SERVER_ID : var.jfrog_server_id, CONFIGURE_CODE_SERVER = var.configure_code_server
ARTIFACTORY_USERNAME : local.username, HAS_NPM = length(var.package_managers.npm) == 0 ? "" : "YES"
ARTIFACTORY_EMAIL : data.coder_workspace_owner.me.email, NPMRC = local.npmrc
ARTIFACTORY_ACCESS_TOKEN : artifactory_scoped_token.me.access_token, REPOSITORY_NPM = try(element(var.package_managers.npm, 0), "")
CONFIGURE_CODE_SERVER : var.configure_code_server, HAS_GO = length(var.package_managers.go) == 0 ? "" : "YES"
REPOSITORY_NPM : lookup(var.package_managers, "npm", ""), REPOSITORY_GO = try(element(var.package_managers.go, 0), "")
REPOSITORY_GO : lookup(var.package_managers, "go", ""), HAS_PYPI = length(var.package_managers.pypi) == 0 ? "" : "YES"
REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""), PIP_CONF = local.pip_conf
REPOSITORY_DOCKER : lookup(var.package_managers, "docker", ""), REPOSITORY_PYPI = try(element(var.package_managers.pypi, 0), "")
}) HAS_DOCKER = length(var.package_managers.docker) == 0 ? "" : "YES"
REGISTER_DOCKER = join("\n", formatlist("register_docker \"%s\"", var.package_managers.docker))
}
))
run_on_start = true run_on_start = true
} }
@ -161,10 +192,13 @@ resource "coder_env" "jfrog_ide_store_connection" {
} }
resource "coder_env" "goproxy" { resource "coder_env" "goproxy" {
count = lookup(var.package_managers, "go", "") == "" ? 0 : 1 count = length(var.package_managers.go) == 0 ? 0 : 1
agent_id = var.agent_id agent_id = var.agent_id
name = "GOPROXY" name = "GOPROXY"
value = "https://${local.username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/go/${lookup(var.package_managers, "go", "")}" value = join(",", [
for repo in var.package_managers.go :
"https://${local.username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/go/${repo}"
])
} }
output "access_token" { output "access_token" {

6
jfrog-token/pip.conf.tftpl
Unescape Escape View File

@ -0,0 +1,6 @@
[global]
index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${try(element(REPOS, 0), "")}/simple
extra-index-url =
%{ for REPO in try(slice(REPOS, 1, length(REPOS)), []) ~}
https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPO}/simple
%{ endfor ~}

62
jfrog-token/run.sh
Unescape Escape View File

@ -2,6 +2,21 @@
BOLD='\033[0;1m' BOLD='\033[0;1m'
not_configured() {
type=$1
echo "🤔 no $type repository is set, skipping $type configuration."
echo "You can configure a $type repository by providing a key for '$type' in the 'package_managers' input."
}
config_complete() {
echo "🥳 Configuration complete!"
}
register_docker() {
repo=$1
echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login "$repo" --username ${ARTIFACTORY_USERNAME} --password-stdin
}
# check if JFrog CLI is already installed # check if JFrog CLI is already installed
if command -v jf > /dev/null 2>&1; then if command -v jf > /dev/null 2>&1; then
echo "✅ JFrog CLI is already installed, skipping installation." echo "✅ JFrog CLI is already installed, skipping installation."
@ -11,8 +26,7 @@ else
sudo chmod 755 /usr/local/bin/jf sudo chmod 755 /usr/local/bin/jf
fi fi
# The jf CLI checks $CI when determining whether to use interactive # The jf CLI checks $CI when determining whether to use interactive flows.
# flows.
export CI=true export CI=true
# Authenticate JFrog CLI with Artifactory. # Authenticate JFrog CLI with Artifactory.
echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite "${JFROG_SERVER_ID}" echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite "${JFROG_SERVER_ID}"
@ -20,52 +34,47 @@ echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFRO
jf c use "${JFROG_SERVER_ID}" jf c use "${JFROG_SERVER_ID}"
# Configure npm to use the Artifactory "npm" repository. # Configure npm to use the Artifactory "npm" repository.
if [ -z "${REPOSITORY_NPM}" ]; then if [ -z "${HAS_NPM}" ]; then
echo "🤔 no npm repository is set, skipping npm configuration." not_configured npm
echo "You can configure an npm repository by providing the a key for 'npm' in the 'package_managers' input."
else else
echo "📦 Configuring npm..." echo "📦 Configuring npm..."
jf npmc --global --repo-resolve "${REPOSITORY_NPM}" jf npmc --global --repo-resolve "${REPOSITORY_NPM}"
cat << EOF > ~/.npmrc cat << EOF > ~/.npmrc
email=${ARTIFACTORY_EMAIL} ${NPMRC}
registry=${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
EOF EOF
echo "//${JFROG_HOST}/artifactory/api/npm/${REPOSITORY_NPM}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}" >> ~/.npmrc config_complete
fi fi
# Configure the `pip` to use the Artifactory "python" repository. # Configure the `pip` to use the Artifactory "python" repository.
if [ -z "${REPOSITORY_PYPI}" ]; then if [ -z "${HAS_PYPI}" ]; then
echo "🤔 no pypi repository is set, skipping pip configuration." not_configured pypi
echo "You can configure a pypi repository by providing the a key for 'pypi' in the 'package_managers' input."
else else
echo "🐍 Configuring pip..." echo "🐍 Configuring pip..."
jf pipc --global --repo-resolve "${REPOSITORY_PYPI}" jf pipc --global --repo-resolve "${REPOSITORY_PYPI}"
mkdir -p ~/.pip mkdir -p ~/.pip
cat << EOF > ~/.pip/pip.conf cat << EOF > ~/.pip/pip.conf
[global] ${PIP_CONF}
index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
EOF EOF
config_complete
fi fi
# Configure Artifactory "go" repository. # Configure Artifactory "go" repository.
if [ -z "${REPOSITORY_GO}" ]; then if [ -z "${HAS_GO}" ]; then
echo "🤔 no go repository is set, skipping go configuration." not_configured go
echo "You can configure a go repository by providing the a key for 'go' in the 'package_managers' input."
else else
echo "🐹 Configuring go..." echo "🐹 Configuring go..."
jf goc --global --repo-resolve "${REPOSITORY_GO}" jf goc --global --repo-resolve "${REPOSITORY_GO}"
config_complete
fi fi
echo "🥳 Configuration complete!"
# Configure the JFrog CLI to use the Artifactory "docker" repository. # Configure the JFrog CLI to use the Artifactory "docker" repository.
if [ -z "${REPOSITORY_DOCKER}" ]; then if [ -z "${HAS_DOCKER}" ]; then
echo "🤔 no docker repository is set, skipping docker configuration." not_configured docker
echo "You can configure a docker repository by providing the a key for 'docker' in the 'package_managers' input."
else else
if command -v docker > /dev/null 2>&1; then if command -v docker > /dev/null 2>&1; then
echo "🔑 Configuring 🐳 docker credentials..." echo "🔑 Configuring 🐳 docker credentials..."
mkdir -p ~/.docker mkdir -p ~/.docker
echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login ${JFROG_HOST} --username ${ARTIFACTORY_USERNAME} --password-stdin ${REGISTER_DOCKER}
else else
echo "🤔 no docker is installed, skipping docker configuration." echo "🤔 no docker is installed, skipping docker configuration."
fi fi
@ -96,20 +105,19 @@ echo "📦 Configuring JFrog CLI completion..."
SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}') SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}')
# Generate the completion script # Generate the completion script
jf completion $SHELLNAME --install jf completion $SHELLNAME --install
begin_stanza="# BEGIN: jf CLI shell completion (added by coder module jfrog-token)"
# Add the completion script to the user's shell profile # Add the completion script to the user's shell profile
if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then
if ! grep -q "# jf CLI shell completion" ~/.bashrc; then if ! grep -q "$begin_stanza" ~/.bashrc; then
echo "" >> ~/.bashrc printf "%s\n" "$begin_stanza" >> ~/.bashrc
echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-token)" >> ~/.bashrc
echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc
echo "# END: jf CLI shell completion" >> ~/.bashrc echo "# END: jf CLI shell completion" >> ~/.bashrc
else else
echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping." echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping."
fi fi
elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then
if ! grep -q "# jf CLI shell completion" ~/.zshrc; then if ! grep -q "$begin_stanza" ~/.zshrc; then
echo "" >> ~/.zshrc printf "\n%s\n" "$begin_stanza" >> ~/.zshrc
echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-token)" >> ~/.zshrc
echo "autoload -Uz compinit" >> ~/.zshrc echo "autoload -Uz compinit" >> ~/.zshrc
echo "compinit" >> ~/.zshrc echo "compinit" >> ~/.zshrc
echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc

14
test.ts
Unescape Escape View File

@ -108,6 +108,8 @@ export interface TerraformState {
resources: [TerraformStateResource, ...TerraformStateResource[]]; resources: [TerraformStateResource, ...TerraformStateResource[]];
} }
type TerraformVariables = Record<string, JsonValue>;
export interface CoderScriptAttributes { export interface CoderScriptAttributes {
script: string; script: string;
agent_id: string; agent_id: string;
@ -145,9 +147,9 @@ export const findResourceInstance = <T extends string>(
* Creates a test-case for each variable provided and ensures that the apply * Creates a test-case for each variable provided and ensures that the apply
* fails without it. * fails without it.
*/ */
export const testRequiredVariables = <TVars extends Record<string, string>>( export const testRequiredVariables = <TVars extends TerraformVariables>(
dir: string, dir: string,
vars: TVars, vars: Readonly<TVars>,
) => { ) => {
// Ensures that all required variables are provided. // Ensures that all required variables are provided.
it("required variables", async () => { it("required variables", async () => {
@ -158,7 +160,7 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
varNames.forEach((varName) => { varNames.forEach((varName) => {
// Ensures that every variable provided is required! // Ensures that every variable provided is required!
it("missing variable " + varName, async () => { it("missing variable " + varName, async () => {
const localVars: Record<string, string> = {}; const localVars: TerraformVariables = {};
varNames.forEach((otherVarName) => { varNames.forEach((otherVarName) => {
if (otherVarName !== varName) { if (otherVarName !== varName) {
localVars[otherVarName] = vars[otherVarName]; localVars[otherVarName] = vars[otherVarName];
@ -187,11 +189,9 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
* fine to run in parallel with other instances of this function, as it uses a * fine to run in parallel with other instances of this function, as it uses a
* random state file. * random state file.
*/ */
export const runTerraformApply = async < export const runTerraformApply = async <TVars extends TerraformVariables>(
TVars extends Readonly<Record<string, string | boolean>>,
>(
dir: string, dir: string,
vars: TVars, vars: Readonly<TVars>,
env?: Record<string, string>, env?: Record<string, string>,
): Promise<TerraformState> => { ): Promise<TerraformState> => {
const stateFile = `${dir}/${crypto.randomUUID()}.tfstate`; const stateFile = `${dir}/${crypto.randomUUID()}.tfstate`;

2
tsconfig.json
Unescape Escape View File

@ -1,7 +1,7 @@
{ {
"compilerOptions": { "compilerOptions": {
"target": "esnext", "target": "esnext",
"module": "esnext", "module": "nodenext",
"strict": true, "strict": true,
"allowSyntheticDefaultImports": true, "allowSyntheticDefaultImports": true,
"moduleResolution": "nodenext", "moduleResolution": "nodenext",

77
vault-jwt/README.md
Unescape Escape View File

@ -0,0 +1,77 @@
---
display_name: Hashicorp Vault Integration (JWT)
description: Authenticates with Vault using a JWT from Coder's OIDC provider
icon: ../.icons/vault.svg
maintainer_github: coder
partner_github: hashicorp
verified: true
tags: [helper, integration, vault, jwt, oidc]
---
# Hashicorp Vault Integration (JWT)
This module lets you authenticate with [Hashicorp Vault](https://www.vaultproject.io/) in your Coder workspaces by reusing the [OIDC](https://coder.com/docs/admin/auth#openid-connect) access token from Coder's OIDC authentication method. This requires configuring the Vault [JWT/OIDC](https://developer.hashicorp.com/vault/docs/auth/jwt#configuration) auth method.
```tf
module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.19"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_role = "coder" # The Vault role to use for authentication
}
```
Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
```shell
vault kv get -namespace=coder -mount=secrets coder
```
or using the Vault API:
```shell
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"
```
## Examples
### Configure Vault integration with a non standard auth path (default is "jwt")
```tf
module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.19"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_auth_path = "oidc"
vault_jwt_role = "coder" # The Vault role to use for authentication
}
```
### Map workspace owner's group to a Vault role
```tf
data "coder_workspace_owner" "me" {}
module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.19"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_role = data.coder_workspace_owner.me.groups[0]
}
```
### Install a specific version of the Vault CLI
```tf
module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.19"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_role = "coder" # The Vault role to use for authentication
vault_cli_version = "1.17.5"
}
```

12
vault-jwt/main.test.ts
Unescape Escape View File

@ -0,0 +1,12 @@
import { describe } from "bun:test";
import { runTerraformInit, testRequiredVariables } from "../test";
describe("vault-jwt", async () => {
await runTerraformInit(import.meta.dir);
testRequiredVariables(import.meta.dir, {
agent_id: "foo",
vault_addr: "foo",
vault_jwt_role: "foo",
});
});

64
vault-jwt/main.tf
Unescape Escape View File

@ -0,0 +1,64 @@
terraform {
required_version = ">= 1.0"
required_providers {
coder = {
source = "coder/coder"
version = ">= 0.12.4"
}
}
}
# Add required variables for your modules and remove any unneeded variables
variable "agent_id" {
type = string
description = "The ID of a Coder agent."
}
variable "vault_addr" {
type = string
description = "The address of the Vault server."
}
variable "vault_jwt_auth_path" {
type = string
description = "The path to the Vault JWT auth method."
default = "jwt"
}
variable "vault_jwt_role" {
type = string
description = "The name of the Vault role to use for authentication."
}
variable "vault_cli_version" {
type = string
description = "The version of Vault to install."
default = "latest"
validation {
condition = can(regex("^(latest|[0-9]+\\.[0-9]+\\.[0-9]+)$", var.vault_cli_version))
error_message = "Vault version must be in the format 0.0.0 or latest"
}
}
resource "coder_script" "vault" {
agent_id = var.agent_id
display_name = "Vault (GitHub)"
icon = "/icon/vault.svg"
script = templatefile("${path.module}/run.sh", {
CODER_OIDC_ACCESS_TOKEN : data.coder_workspace_owner.me.oidc_access_token,
VAULT_JWT_AUTH_PATH : var.vault_jwt_auth_path,
VAULT_JWT_ROLE : var.vault_jwt_role,
VAULT_CLI_VERSION : var.vault_cli_version,
})
run_on_start = true
start_blocks_login = true
}
resource "coder_env" "vault_addr" {
agent_id = var.agent_id
name = "VAULT_ADDR"
value = var.vault_addr
}
data "coder_workspace_owner" "me" {}

112
vault-jwt/run.sh
Unescape Escape View File

@ -0,0 +1,112 @@
#!/usr/bin/env bash
# Convert all templated variables to shell variables
VAULT_CLI_VERSION=${VAULT_CLI_VERSION}
VAULT_JWT_AUTH_PATH=${VAULT_JWT_AUTH_PATH}
VAULT_JWT_ROLE=${VAULT_JWT_ROLE}
CODER_OIDC_ACCESS_TOKEN=${CODER_OIDC_ACCESS_TOKEN}
fetch() {
dest="$1"
url="$2"
if command -v curl > /dev/null 2>&1; then
curl -sSL --fail "$${url}" -o "$${dest}"
elif command -v wget > /dev/null 2>&1; then
wget -O "$${dest}" "$${url}"
elif command -v busybox > /dev/null 2>&1; then
busybox wget -O "$${dest}" "$${url}"
else
printf "curl, wget, or busybox is not installed. Please install curl or wget in your image.\n"
exit 1
fi
}
unzip_safe() {
if command -v unzip > /dev/null 2>&1; then
command unzip "$@"
elif command -v busybox > /dev/null 2>&1; then
busybox unzip "$@"
else
printf "unzip or busybox is not installed. Please install unzip in your image.\n"
exit 1
fi
}
install() {
# Get the architecture of the system
ARCH=$(uname -m)
if [ "$${ARCH}" = "x86_64" ]; then
ARCH="amd64"
elif [ "$${ARCH}" = "aarch64" ]; then
ARCH="arm64"
else
printf "Unsupported architecture: $${ARCH}\n"
return 1
fi
# Fetch the latest version of Vault if VAULT_CLI_VERSION is 'latest'
if [ "$${VAULT_CLI_VERSION}" = "latest" ]; then
LATEST_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -v 'rc' | grep -oE 'vault/[0-9]+\.[0-9]+\.[0-9]+' | sed 's/vault\///' | sort -V | tail -n 1)
printf "Latest version of Vault is %s.\n\n" "$${LATEST_VERSION}"
if [ -z "$${LATEST_VERSION}" ]; then
printf "Failed to determine the latest Vault version.\n"
return 1
fi
VAULT_CLI_VERSION=$${VAULT_CLI_VERSION}
fi
# Check if the vault CLI is installed and has the correct version
installation_needed=1
if command -v vault > /dev/null 2>&1; then
CURRENT_VERSION=$(vault version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
if [ "$${CURRENT_VERSION}" = "$${VAULT_CLI_VERSION}" ]; then
printf "Vault version %s is already installed and up-to-date.\n\n" "$${CURRENT_VERSION}"
installation_needed=0
fi
fi
if [ $${installation_needed} -eq 1 ]; then
# Download and install Vault
if [ -z "$${CURRENT_VERSION}" ]; then
printf "Installing Vault CLI ...\n\n"
else
printf "Upgrading Vault CLI from version %s to %s ...\n\n" "$${CURRENT_VERSION}" "${VAULT_CLI_VERSION}"
fi
fetch vault.zip "https://releases.hashicorp.com/vault/$${VAULT_CLI_VERSION}/vault_$${VAULT_CLI_VERSION}_linux_$${ARCH}.zip"
if [ $? -ne 0 ]; then
printf "Failed to download Vault.\n"
return 1
fi
if ! unzip_safe vault.zip; then
printf "Failed to unzip Vault.\n"
return 1
fi
rm vault.zip
if sudo mv vault /usr/local/bin/vault 2> /dev/null; then
printf "Vault installed successfully!\n\n"
else
mkdir -p ~/.local/bin
if ! mv vault ~/.local/bin/vault; then
printf "Failed to move Vault to local bin.\n"
return 1
fi
printf "Please add ~/.local/bin to your PATH to use vault CLI.\n"
fi
fi
return 0
}
TMP=$(mktemp -d)
if ! (
cd "$TMP"
install
); then
echo "Failed to install Vault CLI."
exit 1
fi
rm -rf "$TMP"
# Authenticate with Vault
printf "🔑 Authenticating with Vault ...\n\n"
echo "$${CODER_OIDC_ACCESS_TOKEN}" | vault write auth/"$${VAULT_JWT_AUTH_PATH}"/login role="$${VAULT_JWT_ROLE}" jwt=-
printf "🥳 Vault authentication complete!\n\n"
printf "You can now use Vault CLI to access secrets.\n"
Write Preview
Loading…
Cancel
Save