From 7e897a51e641d4ee4191c869197c3a141085f9ac Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 13 Feb 2024 12:18:23 +0300
Subject: [PATCH] chore(vault-github): Add partner github and tests (#142)
---
 vault-github/README.md | 13 +++++++------
 vault-github/main.test.ts | 11 +++++++++++
 vault-github/main.tf | 1 -
 vault-github/run.sh | 3 ---
 4 files changed, 18 insertions(+), 10 deletions(-)
 create mode 100644 vault-github/main.test.ts
diff --git a/vault-github/README.md b/vault-github/README.md
index 99bdb78..6919d8a 100644
--- a/vault-github/README.md
+++ b/vault-github/README.md
@@ -3,6 +3,7 @@ display_name: Hashicorp Vault Integration (GitHub)
 description: Authenticates with Vault using GitHub
 icon: ../.icons/vault.svg
 maintainer_github: coder
+partner_github: hashicorp
 verified: true
 tags: [helper, integration, vault, github]
 ---
@@ -14,7 +15,7 @@ This module lets you authenticate with [Hashicorp Vault](https://www.vaultprojec
 ```tf
 module "vault" {
 source = "registry.coder.com/modules/vault-github/coder"
- version = "1.0.2"
+ version = "1.0.3"
 agent_id = coder_agent.example.id
 vault_addr = "https://vault.example.com"
 }
@@ -23,13 +24,13 @@ module "vault" {
 Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
 ```shell
-vault kv get -mount=secret my-secret
+vault kv get -mount=coder my-secret
 ```
 or using the Vault API:
 ```shell
-curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/secret/data/my-secret"
+curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/data/my-secret"
 ```
 ![Vault login](../.images/vault-login.png)
@@ -45,7 +46,7 @@ To configure the Vault module, you must set up a Vault GitHub auth method. See t
 ```tf
 module "vault" {
 source = "registry.coder.com/modules/vault-github/coder"
- version = "1.0.2"
+ version = "1.0.3"
 agent_id = coder_agent.example.id
 vault_addr = "https://vault.example.com"
 coder_github_auth_id = "my-github-auth-id"
@@ -57,7 +58,7 @@ module "vault" {
 ```tf
 module "vault" {
 source = "registry.coder.com/modules/vault-github/coder"
- version = "1.0.2"
+ version = "1.0.3"
 agent_id = coder_agent.example.id
 vault_addr = "https://vault.example.com"
 coder_github_auth_id = "my-github-auth-id"
@@ -70,7 +71,7 @@ module "vault" {
 ```tf
 module "vault" {
 source = "registry.coder.com/modules/vault-github/coder"
- version = "1.0.2"
+ version = "1.0.3"
 agent_id = coder_agent.example.id
 vault_addr = "https://vault.example.com"
 vault_cli_version = "1.15.0"
diff --git a/vault-github/main.test.ts b/vault-github/main.test.ts
new file mode 100644
index 0000000..91ad50b
--- /dev/null
+++ b/vault-github/main.test.ts
@@ -0,0 +1,11 @@
+import { describe } from "bun:test";
+import { runTerraformInit, testRequiredVariables } from "../test";
+
+describe("vault-token", async () => {
+ await runTerraformInit(import.meta.dir);
+
+ testRequiredVariables(import.meta.dir, {
+ agent_id: "foo",
+ vault_addr: "foo",
+ });
+});
diff --git a/vault-github/main.tf b/vault-github/main.tf
index f059b3a..286025a 100644
--- a/vault-github/main.tf
+++ b/vault-github/main.tf
@@ -49,7 +49,6 @@ resource "coder_script" "vault" {
 display_name = "Vault (GitHub)"
 icon = "/icon/vault.svg"
 script = templatefile("${path.module}/run.sh", {
- VAULT_ADDR : var.vault_addr,
 AUTH_PATH : var.vault_github_auth_path,
 GITHUB_EXTERNAL_AUTH_ID : data.coder_external_auth.github.id,
 INSTALL_VERSION : var.vault_cli_version,
diff --git a/vault-github/run.sh b/vault-github/run.sh
index 383ad9f..0f54a95 100644
--- a/vault-github/run.sh
+++ b/vault-github/run.sh
@@ -2,7 +2,6 @@
 # Convert all templated variables to shell variables
 INSTALL_VERSION=${INSTALL_VERSION}
-VAULT_ADDR=${VAULT_ADDR}
 GITHUB_EXTERNAL_AUTH_ID=${GITHUB_EXTERNAL_AUTH_ID}
 AUTH_PATH=${AUTH_PATH}
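Review bot: The suite label in vault-github/main.test.ts reads `describe("vault-token", …)` although the file belongs to the vault-github module, so test output and failure reports will name the wrong module; it looks carried over from a sibling test. Change the line to `describe("vault-github", async () => {`. The suite only asserts the two required variables (`agent_id`, `vault_addr`); the optional inputs shown in the README examples (`coder_github_auth_id`, `vault_cli_version`) are not exercised by it.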
@@ -92,8 +91,6 @@ if [ $? -ne 0 ]; then
 exit 1
 fi
-export VAULT_ADDR="$${VAULT_ADDR}"
-
 # Login to vault using the GitHub token
 printf "🔑 Logging in to Vault ...\n\n"
 vault login -no-print -method=github -path=/$${AUTH_PATH} token="$${GITHUB_TOKEN}"
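Review bot: After this change the `vault login` line in run.sh sends `$${GITHUB_TOKEN}` to whatever `VAULT_ADDR` the script inherits from its environment, because the `export` removed here, the templated assignment removed in the first run.sh hunk, and the `VAULT_ADDR` entry removed from the `templatefile` map in main.tf were the only places the script set it. Nothing visible in this patch shows where the variable now comes from (presumably a `coder_env` resource elsewhere in main.tf); if it is unset, the Vault CLI falls back to its default local address and the login fails without naming the cause. A guard ahead of the login makes the dependency explicit and fails closed: `: "$${VAULT_ADDR:?VAULT_ADDR must be set in the workspace environment}"`, where the doubled `$` keeps `templatefile` from interpolating it. The script continues outside this hunk on both sides.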