diff --git a/code-server/README.md b/code-server/README.md index 42c04d6..f555725 100644 --- a/code-server/README.md +++ b/code-server/README.md @@ -56,7 +56,7 @@ Enter the `.` into the extensions array and code-server will autom Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarted/settings#_settingsjson) file: ```tf -module "settings" { +module "code-server" { source = "registry.coder.com/modules/code-server/coder" version = "1.0.2" agent_id = coder_agent.example.id @@ -72,7 +72,7 @@ module "settings" { Just run code-server in the background, don't fetch it from GitHub: ```tf -module "settings" { +module "code-server" { source = "registry.coder.com/modules/code-server/coder" version = "1.0.2" agent_id = coder_agent.example.id @@ -85,7 +85,7 @@ module "settings" { Just run code-server in the background, don't fetch it from GitHub: ```tf -module "settings" { +module "code-server" { source = "registry.coder.com/modules/code-server/coder" version = "1.0.2" agent_id = coder_agent.example.id diff --git a/git-commit-signing/run.sh b/git-commit-signing/run.sh index d757179..6f1941f 100755 --- a/git-commit-signing/run.sh +++ b/git-commit-signing/run.sh @@ -31,8 +31,8 @@ jq --raw-output ".private_key" > ~/.ssh/git-commit-signing/coder << EOF $ssh_key EOF -chmod -R 400 ~/.ssh/git-commit-signing/coder -chmod -R 400 ~/.ssh/git-commit-signing/coder.pub +chmod -R 600 ~/.ssh/git-commit-signing/coder +chmod -R 644 ~/.ssh/git-commit-signing/coder.pub echo "Configuring git to use the SSH key" diff --git a/hcp-vault-secrets/README.md b/hcp-vault-secrets/README.md new file mode 100644 index 0000000..c45cff6 --- /dev/null +++ b/hcp-vault-secrets/README.md 
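Review bot: In git-commit-signing/run.sh the private key is still created by the `jq --raw-output ".private_key" > ~/.ssh/git-commit-signing/coder` redirect before either `chmod` runs. Unless a restrictive umask is set earlier in the script (not visible in this hunk), the key briefly exists with the default mode; a `umask 077` ahead of the writes would close that window. The change from 400 to 600 also makes the key owner-writable where it was read-only, and the hunk does not say why. If the intent is to let a re-run overwrite an existing key, a comment such as `# 600 so a re-run can overwrite the key` would record it. `-R` does nothing on a single regular file and can be dropped from both lines.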
@@ -0,0 +1,68 @@
+---
+display_name: "HCP Vault Secrets"
+description: "Fetch secrets from HCP Vault"
+icon: ../.icons/vault.svg
+maintainer_github: coder
+partner_github: hashicorp
+verified: true
+tags: [helper, integration, vault, hashicorp, hvs]
+---
+
+# HCP Vault Secrets
+
+This module lets you fetch all or selective secrets from a [HCP Vault Secrets](https://developer.hashicorp.com/hcp/docs/vault-secrets) app into your [Coder](https://coder.com) workspaces. It makes use of the [`hcp_vault_secrets_app`](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/data-sources/vault_secrets_app) data source from the [HCP provider](https://registry.terraform.io/providers/hashicorp/hcp/latest).
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+}
+```
+
+## Configuration
+
+To configure the HCP Vault Secrets module, you must create an HCP Service Principal from the HCP Vault Secrets app in the HCP console. This will give you the `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` that you need to authenticate with HCP Vault Secrets. See the [HCP Vault Secrets documentation](https://developer.hashicorp.com/hcp/docs/vault-secrets) for more information.
+
+## Fetch All Secrets
+
+To fetch all secrets from the HCP Vault Secrets app, skip the `secrets` input.
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+}
+```
+
+## Fetch Selective Secrets
+
+To fetch selective secrets from the HCP Vault Secrets app, set the `secrets` input.
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+ secrets = ["MY_SECRET_1", "MY_SECRET_2"]
+}
+```
+
+## Set Client ID and Client Secret as Inputs
+
+Set `client_id` and `client_secret` as module inputs.
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+ client_id = "HCP_CLIENT_ID"
+ client_secret = "HCP_CLIENT_SECRET"
+}
+```
diff --git a/hcp-vault-secrets/main.tf b/hcp-vault-secrets/main.tf
new file mode 100644
index 0000000..40ab283
--- /dev/null
+++ b/hcp-vault-secrets/main.tf
@@ -0,0 +1,67 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ coder = {
+ source = "coder/coder"
+ version = ">= 0.12.4"
+ }
+ hcp = {
+ source = "hashicorp/hcp"
+ version = ">= 0.82.0"
+ }
+ }
+}
+
+provider "hcp" {
+ client_id = var.client_id
+ client_secret = var.client_secret
+}
+
+provider "coder" {}
+
+variable "agent_id" {
+ type = string
+ description = "The ID of a Coder agent."
+}
+
+variable "client_id" {
+ type = string
+ description = <<-EOF
+ The client ID for the HCP Vault Secrets service principal. (Optional if HCP_CLIENT_ID is set as an environment variable.)
+ EOF
+ default = null
+ sensitive = true
+}
+
+variable "client_secret" {
+ type = string
+ description = <<-EOF
+ The client secret for the HCP Vault Secrets service principal. (Optional if HCP_CLIENT_SECRET is set as an environment variable.)
+ EOF
+ default = null
+ sensitive = true
+}
+
+variable "app_name" {
+ type = string
+ description = "The name of the secrets app in HCP Vault Secrets"
+}
+
+variable "secrets" {
+ type = list(string)
+ description = "The names of the secrets to retrieve from HCP Vault Secrets"
+ default = null
+}
+
+data "hcp_vault_secrets_app" "secrets" {
+ app_name = var.app_name
+}
+
+resource "coder_env" "hvs_secrets" {
+ # https://support.hashicorp.com/hc/en-us/articles/4538432032787-Variable-has-a-sensitive-value-and-cannot-be-used-as-for-each-arguments
+ for_each = var.secrets != null ? toset(var.secrets) : nonsensitive(toset(keys(data.hcp_vault_secrets_app.secrets.secrets)))
+ agent_id = var.agent_id
+ name = each.key
+ value = data.hcp_vault_secrets_app.secrets.secrets[each.key]
+}
\ No newline at end of file
diff --git a/jetbrains-gateway/README.md b/jetbrains-gateway/README.md
index 2c8c91e..a176fc9 100644
--- a/jetbrains-gateway/README.md
+++ b/jetbrains-gateway/README.md
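Review bot: In hcp-vault-secrets/main.tf, `variable "secrets"` defaults to `null`, and the `for_each` on `coder_env.hvs_secrets` then exports every secret in the app into the workspace environment. A caller who simply omits the input therefore gets the widest exposure. The variable description should say so, e.g. `description = "The names of the secrets to retrieve from HCP Vault Secrets. If null, every secret in the app is exported to the workspace."`, so template authors opt into it deliberately. The only comment on the resource is a bare support-article URL; a short line such as `# Only the secret names are marked nonsensitive so they can key for_each; values stay sensitive.` would explain why `nonsensitive()` is safe here. Separately, the `provider "hcp"` block lives inside the module, which stops callers from using `count`, `for_each` or `depends_on` on it; consider leaving provider configuration to the root template.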
@@ -16,6 +16,7 @@ module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" version = "1.0.2" agent_id = coder_agent.example.id + agent_name = "example" folder = "/home/coder/example" jetbrains_ides = ["GO", "WS", "IU", "PY", "PS", "CL", "RM"] default = "PY" @@ -33,6 +34,7 @@ module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" version = "1.0.2" agent_id = coder_agent.example.id + agent_name = "example" folder = "/home/coder/example" jetbrains_ides = ["GO", "WS"] default = "GO" diff --git a/vscode-web/main.tf b/vscode-web/main.tf index 1c5e9e7..9932fac 100644 --- a/vscode-web/main.tf +++ b/vscode-web/main.tf @@ -20,6 +20,18 @@ variable "port" { default = 13338 } +variable "display_name" { + type = string + description = "The display name for the VS Code Web application." + default = "VS Code Web" +} + +variable "slug" { + type = string + description = "The slug for the VS Code Web application." + default = "vscode-web" +} + variable "folder" { type = string description = "The folder to open in vscode-web." @@ -71,8 +83,8 @@ resource "coder_script" "vscode-web" { resource "coder_app" "vscode-web" { agent_id = var.agent_id - slug = "vscode-web" - display_name = "VS Code Web" + slug = var.slug + display_name = var.display_name url = var.folder == "" ? "http://localhost:${var.port}" : "http://localhost:${var.port}?folder=${var.folder}" icon = "/icon/code.svg" subdomain = true
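Review bot: The new `slug` variable in vscode-web/main.tf is passed straight to `coder_app.vscode-web`, and the context lines show that resource has `subdomain = true`, so the value presumably ends up in the app's hostname. The description gives no hint of which characters are acceptable. Consider `description = "The slug for the VS Code Web application. Used in the app URL; letters, digits and hyphens only."`, or a `validation` block on the variable so a bad value fails with a clear message at plan time. The exact slug rules are enforced by the coder provider, outside this diff, so confirm the wording against its documentation. The `coder_app` resource body continues outside the hunk.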