From 5a7e3f6ca4732aa25e35b635d2459428f844a3c0 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Fri, 9 Feb 2024 21:16:41 +0300
Subject: [PATCH 1/8] Add Hashicorp Vault Secrets Integration module (#144)
---
hcp-vault-secrets/README.md | 68 +++++++++++++++++++++++++++++++++++++
hcp-vault-secrets/main.tf | 67 ++++++++++++++++++++++++++++++++++++
2 files changed, 135 insertions(+)
create mode 100644 hcp-vault-secrets/README.md
create mode 100644 hcp-vault-secrets/main.tf
diff --git a/hcp-vault-secrets/README.md b/hcp-vault-secrets/README.md
new file mode 100644
index 0000000..c45cff6
--- /dev/null
+++ b/hcp-vault-secrets/README.md
@@ -0,0 +1,68 @@
+---
+display_name: "HCP Vault Secrets"
+description: "Fetch secrets from HCP Vault"
+icon: ../.icons/vault.svg
+maintainer_github: coder
+partner_github: hashicorp
+verified: true
+tags: [helper, integration, vault, hashicorp, hvs]
+---
+
+# HCP Vault Secrets
+
+This module lets you fetch all or selective secrets from a [HCP Vault Secrets](https://developer.hashicorp.com/hcp/docs/vault-secrets) app into your [Coder](https://coder.com) workspaces. It makes use of the [`hcp_vault_secrets_app`](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/data-sources/vault_secrets_app) data source from the [HCP provider](https://registry.terraform.io/providers/hashicorp/hcp/latest).
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+}
+```
+
+## Configuration
+
+To configure the HCP Vault Secrets module, you must create an HCP Service Principal from the HCP Vault Secrets app in the HCP console. This will give you the `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` that you need to authenticate with HCP Vault Secrets. See the [HCP Vault Secrets documentation](https://developer.hashicorp.com/hcp/docs/vault-secrets) for more information.
+
+## Fetch All Secrets
+
+To fetch all secrets from the HCP Vault Secrets app, skip the `secrets` input.
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+}
+```
+
+## Fetch Selective Secrets
+
+To fetch selective secrets from the HCP Vault Secrets app, set the `secrets` input.
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+ secrets = ["MY_SECRET_1", "MY_SECRET_2"]
+}
+```
+
+## Set Client ID and Client Secret as Inputs
+
+Set `client_id` and `client_secret` as module inputs.
+
+```tf
+module "vault" {
+ source = "registry.coder.com/modules/hcp-vault-secrets/coder"
+ version = "1.0.3"
+ agent_id = coder_agent.example.id
+ app_name = "demo-app"
+ client_id = "HCP_CLIENT_ID"
+ client_secret = "HCP_CLIENT_SECRET"
+}
+```
diff --git a/hcp-vault-secrets/main.tf b/hcp-vault-secrets/main.tf
new file mode 100644
index 0000000..40ab283
--- /dev/null
+++ b/hcp-vault-secrets/main.tf
@@ -0,0 +1,67 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ coder = {
+ source = "coder/coder"
+ version = ">= 0.12.4"
+ }
+ hcp = {
+ source = "hashicorp/hcp"
+ version = ">= 0.82.0"
+ }
+ }
+}
+
+provider "hcp" {
+ client_id = var.client_id
+ client_secret = var.client_secret
+}
+
+provider "coder" {}
+
+variable "agent_id" {
+ type = string
+ description = "The ID of a Coder agent."
+}
+
+variable "client_id" {
+ type = string
+ description = <<-EOF
+ The client ID for the HCP Vault Secrets service principal. (Optional if HCP_CLIENT_ID is set as an environment variable.)
+ EOF
+ default = null
+ sensitive = true
+}
+
+variable "client_secret" {
+ type = string
+ description = <<-EOF
+ The client secret for the HCP Vault Secrets service principal. (Optional if HCP_CLIENT_SECRET is set as an environment variable.)
+ EOF
+ default = null
+ sensitive = true
+}
+
+variable "app_name" {
+ type = string
+ description = "The name of the secrets app in HCP Vault Secrets"
+}
+
+variable "secrets" {
+ type = list(string)
+ description = "The names of the secrets to retrieve from HCP Vault Secrets"
+ default = null
+}
+
+data "hcp_vault_secrets_app" "secrets" {
+ app_name = var.app_name
+}
+
+resource "coder_env" "hvs_secrets" {
+ # https://support.hashicorp.com/hc/en-us/articles/4538432032787-Variable-has-a-sensitive-value-and-cannot-be-used-as-for-each-arguments
+ for_each = var.secrets != null ? toset(var.secrets) : nonsensitive(toset(keys(data.hcp_vault_secrets_app.secrets.secrets)))
+ agent_id = var.agent_id
+ name = each.key
+ value = data.hcp_vault_secrets_app.secrets.secrets[each.key]
+}
\ No newline at end of file
From 4c993d342d4856ccdde23a190b0f928ad8f70cea Mon Sep 17 00:00:00 2001
From: Florian Gareis
Date: Fri, 9 Feb 2024 19:17:32 +0100
Subject: [PATCH 2/8] Fix code-server docu (#147)
---
code-server/README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
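Review bot: The `for_each` fallback in `coder_env.hvs_secrets` exports every secret in the app as a workspace environment variable whenever `secrets` is left at its `null` default, so every process the agent starts can read all of them. The `secrets` description should say so and recommend an explicit list, e.g. `description = "The names of the secrets to retrieve from HCP Vault Secrets. If null, every secret in the app is exported to the workspace environment."`. The secret values are also passed as the plain `value` argument of `coder_env`, so they presumably end up in Terraform state, which then has to be protected like the secrets themselves. Separately, the `provider "hcp"` block inside the module prevents callers from using `count`, `for_each` or `depends_on` on the module; taking the provider configuration from the root module avoids that. The file also ends without a trailing newline.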
diff --git a/code-server/README.md b/code-server/README.md index 42c04d6..f555725 100644 --- a/code-server/README.md +++ b/code-server/README.md @@ -56,7 +56,7 @@ Enter the `.` into the extensions array and code-server will autom Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarted/settings#_settingsjson) file: ```tf -module "settings" { +module "code-server" { source = "registry.coder.com/modules/code-server/coder" version = "1.0.2" agent_id = coder_agent.example.id @@ -72,7 +72,7 @@ module "settings" { Just run code-server in the background, don't fetch it from GitHub: ```tf -module "settings" { +module "code-server" { source = "registry.coder.com/modules/code-server/coder" version = "1.0.2" agent_id = coder_agent.example.id @@ -85,7 +85,7 @@ module "settings" { Just run code-server in the background, don't fetch it from GitHub: ```tf -module "settings" { +module "code-server" { source = "registry.coder.com/modules/code-server/coder" version = "1.0.2" agent_id = coder_agent.example.id From cf1807dd5c0f84148cc1cf198bae17d527644fd9 Mon Sep 17 00:00:00 2001 From: Florian Gareis Date: Fri, 9 Feb 2024 19:18:20 +0100 Subject: [PATCH 3/8] Allow custom display name and slug for VS Code Web (#146) --- vscode-web/main.tf | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/vscode-web/main.tf b/vscode-web/main.tf index 1c5e9e7..9932fac 100644 --- a/vscode-web/main.tf +++ b/vscode-web/main.tf @@ -20,6 +20,18 @@ variable "port" { default = 13338 } +variable "display_name" { + type = string + description = "The display name for the VS Code Web application." + default = "VS Code Web" +} + +variable "slug" { + type = string + description = "The slug for the VS Code Web application." + default = "vscode-web" +} + variable "folder" { type = string description = "The folder to open in vscode-web." 
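Review bot: The new `slug` variable in `vscode-web/main.tf` has no `validation` block, and because `coder_app.vscode-web` sets `subdomain = true` the value ends up in a hostname. A check such as `condition = can(regex("^[a-z0-9](-?[a-z0-9])*$", var.slug))` with a matching `error_message` would reject bad values at plan time with a clear message instead of leaving it to the provider. The `coder_app` resource that consumes the variable is in the following hunk of the same file.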
@@ -71,8 +83,8 @@ resource "coder_script" "vscode-web" { resource "coder_app" "vscode-web" { agent_id = var.agent_id - slug = "vscode-web" - display_name = "VS Code Web" + slug = var.slug + display_name = var.display_name url = var.folder == "" ? "http://localhost:${var.port}" : "http://localhost:${var.port}?folder=${var.folder}" icon = "/icon/code.svg" subdomain = true From 3227a470449cef7306c77b3e365792e1bd3aa7d5 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Fri, 9 Feb 2024 21:19:29 +0300 Subject: [PATCH 4/8] fix(jetbrains-gateway): fix readme to include `agent_name` (#151) --- jetbrains-gateway/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jetbrains-gateway/README.md b/jetbrains-gateway/README.md index 2c8c91e..a176fc9 100644 --- a/jetbrains-gateway/README.md +++ b/jetbrains-gateway/README.md @@ -16,6 +16,7 @@ module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" version = "1.0.2" agent_id = coder_agent.example.id + agent_name = "example" folder = "/home/coder/example" jetbrains_ides = ["GO", "WS", "IU", "PY", "PS", "CL", "RM"] default = "PY" @@ -33,6 +34,7 @@ module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" version = "1.0.2" agent_id = coder_agent.example.id + agent_name = "example" folder = "/home/coder/example" jetbrains_ides = ["GO", "WS"] default = "GO" From a5c4d00a01806a18a04eaf864844937b4213d2f0 Mon Sep 17 00:00:00 2001 From: Phorcys <57866459+phorcys420@users.noreply.github.com> Date: Fri, 9 Feb 2024 22:20:05 +0100 Subject: [PATCH 5/8] fix(git-commit-signing): fix SSH key permissions (#152) --- git-commit-signing/run.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/git-commit-signing/run.sh b/git-commit-signing/run.sh index d757179..6f1941f 100755 --- a/git-commit-signing/run.sh +++ b/git-commit-signing/run.sh 
@@ -31,8 +31,8 @@ jq --raw-output ".private_key" > ~/.ssh/git-commit-signing/coder << EOF $ssh_key EOF -chmod -R 400 ~/.ssh/git-commit-signing/coder -chmod -R 400 ~/.ssh/git-commit-signing/coder.pub +chmod -R 600 ~/.ssh/git-commit-signing/coder +chmod -R 644 ~/.ssh/git-commit-signing/coder.pub echo "Configuring git to use the SSH key" From aef9b3b116b826191176ce08528207740e302558 Mon Sep 17 00:00:00 2001 From: Andrew Svoboda Date: Mon, 12 Feb 2024 14:16:31 +0000 Subject: [PATCH 6/8] Add build numbers and versions to jetbrains gateway module (#150) --- jetbrains-gateway/main.tf | 71 +++++++++++++++++++++++++++++++++------ 1 file changed, 61 insertions(+), 10 deletions(-) diff --git a/jetbrains-gateway/main.tf b/jetbrains-gateway/main.tf index c108f61..af2a0ea 100644 --- a/jetbrains-gateway/main.tf +++ b/jetbrains-gateway/main.tf 
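Review bot: The private key is still written by the `jq --raw-output ".private_key" > ~/.ssh/git-commit-signing/coder` redirect before either `chmod` runs, so between creation and `chmod 600` the file carries whatever mode the process umask gives it. Setting `umask 077` before the key files are written (that part of the script is outside this hunk) closes that window, after which only the public key needs the explicit `chmod 644`. `-R` has no effect on a regular file and can be dropped from both lines, e.g. `chmod 600 ~/.ssh/git-commit-signing/coder`.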
@@ -30,17 +30,68 @@ variable "default" { description = "Default IDE" } +locals { + supported_ides = ["IU", "PS", "WS", "PY", "CL", "GO", "RM"] +} + +variable "jetbrains_ide_versions" { + type = map(object({ + build_number = string + version = string + })) + description = "The set of versions for each jetbrains IDE" + default = { + "IU" = { + build_number = "232.10203.10" + version = "2023.2.4" + } + "PS" = { + build_number = "232.10072.32" + version = "2023.2.3" + } + "WS" = { + build_number = "232.10203.14" + version = "2023.2.4" + } + "PY" = { + build_number = "232.10203.26" + version = "2023.2.4" + } + "CL" = { + build_number = "232.9921.42" + version = "2023.2.2" + } + "GO" = { + build_number = "232.10203.20" + version = "2023.2.4" + } + "RM" = { + build_number = "232.10203.15" + version = "2023.2.4" + } + + } + validation { + condition = ( + alltrue([ + for code in var.jetbrains_ide_versions : contains(local.supported_ides, code) + ]) + ) + error_message = "The jetbrains_ide_versions must contain a map of valid product codes. Valid product codes are ${join(",", local.supported_ides)}." + } +} + variable "jetbrains_ides" { type = list(string) description = "The list of IDE product codes." - default = ["IU", "PS", "WS", "PY", "CL", "GO", "RM"] + default = local.supported_ides validation { condition = ( alltrue([ - for code in var.jetbrains_ides : contains(["IU", "PS", "WS", "PY", "CL", "GO", "RM"], code) + for code in var.jetbrains_ides : contains(local.supported_ides, code) ]) ) - error_message = "The jetbrains_ides must be a list of valid product codes. Valid product codes are IU, PS, WS, PY, CL, GO, RM." + error_message = "The jetbrains_ides must be a list of valid product codes. Valid product codes are ${join(",", local.supported_ides)}." } # check if the list is empty validation { 
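Review bot: The validation on `jetbrains_ide_versions` iterates the map with a single symbol, which yields the object values rather than the product codes, so `contains(local.supported_ides, code)` never compares a key; it should read `for code in keys(var.jetbrains_ide_versions) : contains(local.supported_ides, code)`. `default = local.supported_ides` on `jetbrains_ides` is also a problem because a variable default must be a literal value, so the original list has to stay there. The `validation` conditions and `error_message` strings that reference `local.supported_ides` only work on Terraform releases that let validation rules refer to other objects (1.9 and later, as far as I know). The module's `required_version` is not visible in this hunk, so it should be checked and raised if needed.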
@@ -59,37 +110,37 @@ locals { "GO" = { icon = "/icon/goland.svg", name = "GoLand", - value = jsonencode(["GO", "232.10203.20", "https://download.jetbrains.com/go/goland-2023.2.4.tar.gz"]) + value = jsonencode(["GO", var.jetbrains_ide_versions["GO"].build_number, "https://download.jetbrains.com/go/goland-${var.jetbrains_ide_versions["GO"].version}.tar.gz"]) }, "WS" = { icon = "/icon/webstorm.svg", name = "WebStorm", - value = jsonencode(["WS", "232.10203.14", "https://download.jetbrains.com/webstorm/WebStorm-2023.2.4.tar.gz"]) + value = jsonencode(["WS", var.jetbrains_ide_versions["WS"].build_number, "https://download.jetbrains.com/webstorm/WebStorm-${var.jetbrains_ide_versions["WS"].version}.tar.gz"]) }, "IU" = { icon = "/icon/intellij.svg", name = "IntelliJ IDEA Ultimate", - value = jsonencode(["IU", "232.10203.10", "https://download.jetbrains.com/idea/ideaIU-2023.2.4.tar.gz"]) + value = jsonencode(["IU", var.jetbrains_ide_versions["IU"].build_number, "https://download.jetbrains.com/idea/ideaIU-${var.jetbrains_ide_versions["IU"].version}.tar.gz"]) }, "PY" = { icon = "/icon/pycharm.svg", name = "PyCharm Professional", - value = jsonencode(["PY", "232.10203.26", "https://download.jetbrains.com/python/pycharm-professional-2023.2.4.tar.gz"]) + value = jsonencode(["PY", var.jetbrains_ide_versions["PY"].build_number, "https://download.jetbrains.com/python/pycharm-professional-${var.jetbrains_ide_versions["PY"].version}.tar.gz"]) }, "CL" = { icon = "/icon/clion.svg", name = "CLion", - value = jsonencode(["CL", "232.9921.42", "https://download.jetbrains.com/cpp/CLion-2023.2.2.tar.gz"]) + value = jsonencode(["CL", var.jetbrains_ide_versions["CL"].build_number, "https://download.jetbrains.com/cpp/CLion-${var.jetbrains_ide_versions["CL"].version}.tar.gz"]) }, "PS" = { icon = "/icon/phpstorm.svg", name = "PhpStorm", - value = jsonencode(["PS", "232.10072.32", "https://download.jetbrains.com/webide/PhpStorm-2023.2.3.tar.gz"]) + value = jsonencode(["PS", 
var.jetbrains_ide_versions["PS"].build_number, "https://download.jetbrains.com/webide/PhpStorm-${var.jetbrains_ide_versions["PS"].version}.tar.gz"]) }, "RM" = { icon = "/icon/rubymine.svg", name = "RubyMine", - value = jsonencode(["RM", "232.10203.15", "https://download.jetbrains.com/ruby/RubyMine-2023.2.4.tar.gz"]) + value = jsonencode(["RM", var.jetbrains_ide_versions["RM"].build_number, "https://download.jetbrains.com/ruby/RubyMine-${var.jetbrains_ide_versions["RM"].version}.tar.gz"]) } } } From ac54966f5e04c19a0210a3578eeaa82c541f1998 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Mon, 12 Feb 2024 17:18:13 +0300 Subject: [PATCH 7/8] feat!(git-config): use full name for git configuration (#141) --- git-config/README.md | 6 +++--- git-config/main.test.ts | 43 ----------------------------------------- git-config/main.tf | 37 +++++++++++++++++++++++------------ git-config/run.sh | 24 ----------------------- 4 files changed, 28 insertions(+), 82 deletions(-) delete mode 100644 git-config/main.test.ts delete mode 100644 git-config/run.sh diff --git a/git-config/README.md b/git-config/README.md index 3044c4e..9b76658 100644 --- a/git-config/README.md +++ b/git-config/README.md @@ -14,7 +14,7 @@ Runs a script that updates git credentials in the workspace to match the user's ```tf module "git-config" { source = "registry.coder.com/modules/git-config/coder" - version = "1.0.2" + version = "1.0.3" agent_id = coder_agent.example.id } ``` @@ -28,7 +28,7 @@ TODO: Add screenshot ```tf module "git-config" { source = "registry.coder.com/modules/git-config/coder" - version = "1.0.2" + version = "1.0.3" agent_id = coder_agent.example.id allow_email_change = true } @@ -41,7 +41,7 @@ TODO: Add screenshot ```tf module "git-config" { source = "registry.coder.com/modules/git-config/coder" - version = "1.0.2" + version = "1.0.3" agent_id = coder_agent.example.id allow_username_change = false allow_email_change = false 
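Review bot: Each entry now indexes `var.jetbrains_ide_versions["XX"]` directly, so a caller who overrides the variable to pin a single IDE replaces the whole default map and the lookups for the other six codes fail. Either state in the variable description that all seven keys are required, or keep the defaults in a local and read from a merged map, e.g. `ide_versions = merge(local.default_ide_versions, var.jetbrains_ide_versions)` (`default_ide_versions` being a new local that holds today's defaults). The `version` string is also interpolated straight into the download URL, so a format check on it in the variable's validation would keep unexpected characters out of the URL. The `locals` block starts before this hunk.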
diff --git a/git-config/main.test.ts b/git-config/main.test.ts deleted file mode 100644 index 6fbdbc5..0000000 --- a/git-config/main.test.ts +++ /dev/null @@ -1,43 +0,0 @@ -import { describe, expect, it } from "bun:test"; -import { - executeScriptInContainer, - runTerraformApply, - runTerraformInit, - testRequiredVariables, -} from "../test"; - -describe("git-config", async () => { - await runTerraformInit(import.meta.dir); - - testRequiredVariables(import.meta.dir, { - agent_id: "foo", - }); - - it("fails without git", async () => { - const state = await runTerraformApply(import.meta.dir, { - agent_id: "foo", - }); - const output = await executeScriptInContainer(state, "alpine"); - expect(output.exitCode).toBe(1); - expect(output.stdout).toEqual([ - "\u001B[0;1mChecking git-config!", - "Git is not installed!", - ]); - }); - - it("runs with git", async () => { - const state = await runTerraformApply(import.meta.dir, { - agent_id: "foo", - }); - const output = await executeScriptInContainer(state, "alpine/git"); - expect(output.exitCode).toBe(0); - expect(output.stdout).toEqual([ - "\u001B[0;1mChecking git-config!", - "git-config: No user.email found, setting to ", - "git-config: No user.name found, setting to default", - "", - "\u001B[0;1mgit-config: using email: ", - "\u001B[0;1mgit-config: using username: default", - ]); - }); -}); diff --git a/git-config/main.tf b/git-config/main.tf index 55d9cca..d92a0b7 100644 --- a/git-config/main.tf +++ b/git-config/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { coder = { source = "coder/coder" - version = ">= 0.12" + version = ">= 0.13" } } } @@ -34,7 +34,7 @@ data "coder_parameter" "user_email" { name = "user_email" type = "string" default = "" - description = "Git user.email to be used for commits. Leave empty to default to Coder username." + description = "Git user.email to be used for commits. Leave empty to default to Coder user's email." display_name = "Git config user.email" mutable = true } 
@@ -44,18 +44,31 @@ data "coder_parameter" "username" { name = "username" type = "string" default = "" - description = "Git user.name to be used for commits. Leave empty to default to Coder username." - display_name = "Git config user.name" + description = "Git user.name to be used for commits. Leave empty to default to Coder user's Full Name." + display_name = "Full Name for Git config" mutable = true } -resource "coder_script" "git_config" { +resource "coder_env" "git_author_name" { agent_id = var.agent_id - script = templatefile("${path.module}/run.sh", { - GIT_USERNAME = try(data.coder_parameter.username[0].value, "") == "" ? data.coder_workspace.me.owner : try(data.coder_parameter.username[0].value, "") - GIT_EMAIL = try(data.coder_parameter.user_email[0].value, "") == "" ? data.coder_workspace.me.owner_email : try(data.coder_parameter.user_email[0].value, "") - }) - display_name = "Git Config" - icon = "/icon/git.svg" - run_on_start = true + name = "GIT_AUTHOR_NAME" + value = coalesce(try(data.coder_parameter.username[0].value, ""), data.coder_workspace.me.owner_name, data.coder_workspace.me.owner) +} + +resource "coder_env" "git_commmiter_name" { + agent_id = var.agent_id + name = "GIT_COMMITTER_NAME" + value = coalesce(try(data.coder_parameter.username[0].value, ""), data.coder_workspace.me.owner_name, data.coder_workspace.me.owner) +} + +resource "coder_env" "git_author_email" { + agent_id = var.agent_id + name = "GIT_AUTHOR_EMAIL" + value = coalesce(try(data.coder_parameter.user_email[0].value, ""), data.coder_workspace.me.owner_email) +} + +resource "coder_env" "git_commmiter_email" { + agent_id = var.agent_id + name = "GIT_COMMITTER_EMAIL" + value = coalesce(try(data.coder_parameter.user_email[0].value, ""), data.coder_workspace.me.owner_email) } diff --git a/git-config/run.sh b/git-config/run.sh deleted file mode 100644 index 36dc768..0000000 --- a/git-config/run.sh +++ /dev/null 
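Review bot: `coalesce` raises an error when every argument is null or an empty string, so `git_author_email` and `git_commmiter_email` fail the plan whenever the parameter is empty and `data.coder_workspace.me.owner_email` is empty as well. The removed test output (`setting to ` with nothing after it) suggests that can happen; omitting the resource when no email is available, or wrapping the expression in `try(coalesce(...), "")`, would avoid the hard failure. Unlike the deleted `run.sh`, which only set values that were missing, the `GIT_AUTHOR_*` and `GIT_COMMITTER_*` environment variables take precedence over `git config user.name` and `user.email`, so a user's own git identity inside the workspace is overridden; the README should state that. The resource names `git_commmiter_name` and `git_commmiter_email` are misspelled (`git_committer_*`), which is cheaper to fix before they are recorded in state.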
@@ -1,24 +0,0 @@ -#!/usr/bin/env sh - -BOLD='\033[0;1m' -printf "$${BOLD}Checking git-config!\n" - -# Check if git is installed -command -v git > /dev/null 2>&1 || { - echo "Git is not installed!" - exit 1 -} - -# Set git username and email if missing -if [ -z $(git config --get user.email) ]; then - printf "git-config: No user.email found, setting to ${GIT_EMAIL}\n" - git config --global user.email "${GIT_EMAIL}" -fi - -if [ -z $(git config --get user.name) ]; then - printf "git-config: No user.name found, setting to ${GIT_USERNAME}\n" - git config --global user.name "${GIT_USERNAME}" -fi - -printf "\n$${BOLD}git-config: using email: $(git config --get user.email)\n" -printf "$${BOLD}git-config: using username: $(git config --get user.name)\n\n" From 7e897a51e641d4ee4191c869197c3a141085f9ac Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 13 Feb 2024 12:18:23 +0300 Subject: [PATCH 8/8] chore(vault-github): Add partner github and tests (#142) --- vault-github/README.md | 13 +++++++------ vault-github/main.test.ts | 11 +++++++++++ vault-github/main.tf | 1 - vault-github/run.sh | 3 --- 4 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 vault-github/main.test.ts diff --git a/vault-github/README.md b/vault-github/README.md index 99bdb78..6919d8a 100644 --- a/vault-github/README.md +++ b/vault-github/README.md @@ -3,6 +3,7 @@ display_name: Hashicorp Vault Integration (GitHub) description: Authenticates with Vault using GitHub icon: ../.icons/vault.svg maintainer_github: coder +partner_github: hashicorp verified: true tags: [helper, integration, vault, github] --- @@ -14,7 +15,7 @@ This module lets you authenticate with [Hashicorp Vault](https://www.vaultprojec ```tf module "vault" { source = "registry.coder.com/modules/vault-github/coder" - version = "1.0.2" + version = "1.0.3" agent_id = coder_agent.example.id vault_addr = "https://vault.example.com" } 
@@ -23,13 +24,13 @@ module "vault" { Then you can use the Vault CLI in your workspaces to fetch secrets from Vault: ```shell -vault kv get -mount=secret my-secret +vault kv get -mount=coder my-secret ``` or using the Vault API: ```shell -curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/secret/data/my-secret" +curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/data/my-secret" ``` ![Vault login](../.images/vault-login.png) @@ -45,7 +46,7 @@ To configure the Vault module, you must set up a Vault GitHub auth method. See t ```tf module "vault" { source = "registry.coder.com/modules/vault-github/coder" - version = "1.0.2" + version = "1.0.3" agent_id = coder_agent.example.id vault_addr = "https://vault.example.com" coder_github_auth_id = "my-github-auth-id" @@ -57,7 +58,7 @@ module "vault" { ```tf module "vault" { source = "registry.coder.com/modules/vault-github/coder" - version = "1.0.2" + version = "1.0.3" agent_id = coder_agent.example.id vault_addr = "https://vault.example.com" coder_github_auth_id = "my-github-auth-id" @@ -70,7 +71,7 @@ module "vault" { ```tf module "vault" { source = "registry.coder.com/modules/vault-github/coder" - version = "1.0.2" + version = "1.0.3" agent_id = coder_agent.example.id vault_addr = "https://vault.example.com" vault_cli_version = "1.15.0" diff --git a/vault-github/main.test.ts b/vault-github/main.test.ts new file mode 100644 index 0000000..91ad50b --- /dev/null +++ b/vault-github/main.test.ts @@ -0,0 +1,11 @@ +import { describe } from "bun:test"; +import { runTerraformInit, testRequiredVariables } from "../test"; + +describe("vault-token", async () => { + await runTerraformInit(import.meta.dir); + + testRequiredVariables(import.meta.dir, { + agent_id: "foo", + vault_addr: "foo", + }); +}); diff --git a/vault-github/main.tf b/vault-github/main.tf index f059b3a..286025a 100644 --- a/vault-github/main.tf +++ b/vault-github/main.tf 
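Review bot: The suite in `vault-github/main.test.ts` is labelled `describe("vault-token", ...)` although it lives in `vault-github`, which looks copied from another module and will make failures in the test output point at the wrong one; `describe("vault-github", async () => {` matches the directory. The test only checks the required variables, so `run.sh`, which this commit also changes, has no coverage; a short comment saying so would make that explicit.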
@@ -49,7 +49,6 @@ resource "coder_script" "vault" { display_name = "Vault (GitHub)" icon = "/icon/vault.svg" script = templatefile("${path.module}/run.sh", { - VAULT_ADDR : var.vault_addr, AUTH_PATH : var.vault_github_auth_path, GITHUB_EXTERNAL_AUTH_ID : data.coder_external_auth.github.id, INSTALL_VERSION : var.vault_cli_version, diff --git a/vault-github/run.sh b/vault-github/run.sh index 383ad9f..0f54a95 100644 --- a/vault-github/run.sh +++ b/vault-github/run.sh @@ -2,7 +2,6 @@ # Convert all templated variables to shell variables INSTALL_VERSION=${INSTALL_VERSION} -VAULT_ADDR=${VAULT_ADDR} GITHUB_EXTERNAL_AUTH_ID=${GITHUB_EXTERNAL_AUTH_ID} AUTH_PATH=${AUTH_PATH} @@ -92,8 +91,6 @@ if [ $? -ne 0 ]; then exit 1 fi -export VAULT_ADDR="$${VAULT_ADDR}" - # Login to vault using the GitHub token printf "🔑 Logging in to Vault ...\n\n" vault login -no-print -method=github -path=/$${AUTH_PATH} token="$${GITHUB_TOKEN}"