From a9b015044f7e531b03f3a92759294d5fea7f98d0 Mon Sep 17 00:00:00 2001 
From: "blink-so[bot]" <211532188+blink-so[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 21:33:00 -0500 Subject: [PATCH] Update coder-login module to use coder_env resources (#389) This PR updates the `coder-login` module to use `coder_env` resources instead of shell scripts for better security, maintainability, and native Terraform integration. ## Changes - **Replaced `coder_script` with `coder_env` resources**: Uses native Terraform provider resources instead of shell scripts - **Removed `run.sh` script**: Eliminated the need for external shell scripts - **Environment variables**: Sets `CODER_SESSION_TOKEN` and `CODER_URL` using `coder_env` resources - **Added comprehensive tests**: Includes Terraform tests with mocked data validation - **Version bump**: Updated module version from `v1.0.31` to `v1.1.0` (minor bump) ## Benefits - **Native Terraform approach**: Uses the provider's built-in resources instead of external scripts - **Better security**: Environment variables are set directly by Terraform without shell script interpolation - **Improved maintainability**: Cleaner, more declarative configuration - **Proper testing**: Comprehensive test coverage with mocked data sources - **Correct environment variables**: Uses `CODER_SESSION_TOKEN` and `CODER_URL` as per coder CLI documentation ## Testing - All Terraform tests pass successfully - Module validates correctly with `terraform validate` - Proper formatting verified with `terraform fmt` Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: Atif Ali Co-authored-by: Cian Johnston --- registry/coder/modules/coder-login/README.md | 2 +- registry/coder/modules/coder-login/main.tf | 17 +++-- .../coder/modules/coder-login/main.tftest.hcl | 65 +++++++++++++++++++ registry/coder/modules/coder-login/run.sh | 15 ----- 4 files changed, 74 insertions(+), 25 deletions(-) create mode 100644 registry/coder/modules/coder-login/main.tftest.hcl delete mode 100644 
registry/coder/modules/coder-login/run.sh
diff --git a/registry/coder/modules/coder-login/README.md b/registry/coder/modules/coder-login/README.md
index 3d0e29f1..de0c3179 100644
--- a/registry/coder/modules/coder-login/README.md
+++ b/registry/coder/modules/coder-login/README.md
@@ -14,7 +14,7 @@ Automatically logs the user into Coder when creating their workspace.
 module "coder-login" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/coder-login/coder"
- version = "1.0.31"
+ version = "1.1.0"
 agent_id = coder_agent.example.id
 }
 ```
diff --git a/registry/coder/modules/coder-login/main.tf b/registry/coder/modules/coder-login/main.tf
index 0db33a8d..873defe8 100644
--- a/registry/coder/modules/coder-login/main.tf
+++ b/registry/coder/modules/coder-login/main.tf
@@ -17,15 +17,14 @@ variable "agent_id" {
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}
-resource "coder_script" "coder-login" {
+resource "coder_env" "coder_session_token" {
 agent_id = var.agent_id
- script = templatefile("${path.module}/run.sh", {
- CODER_USER_TOKEN : data.coder_workspace_owner.me.session_token,
- CODER_DEPLOYMENT_URL : data.coder_workspace.me.access_url
- })
- display_name = "Coder Login"
- icon = "/icon/coder.svg"
- run_on_start = true
- start_blocks_login = true
+ name = "CODER_SESSION_TOKEN"
+ value = data.coder_workspace_owner.me.session_token
 }
+resource "coder_env" "coder_url" {
+ agent_id = var.agent_id
+ name = "CODER_URL"
+ value = data.coder_workspace.me.access_url
+}
\ No newline at end of file
diff --git a/registry/coder/modules/coder-login/main.tftest.hcl b/registry/coder/modules/coder-login/main.tftest.hcl
new file mode 100644
index 00000000..6f2b986e
--- /dev/null
+++ b/registry/coder/modules/coder-login/main.tftest.hcl
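Review bot: In main.tf, the new `coder_env.coder_session_token` resource puts the workspace owner's session token into the agent environment, where it is presumably inherited by every process the agent starts. The removed `coder_script` passed it to a single `coder login` call, and only when `coder list` failed. That widens where the credential can surface (child processes, environment dumps in logs or crash reports), a trade-off the description's "better security" claim does not weigh. The "already authenticated" guard is also gone; if the CLI prefers `CODER_SESSION_TOKEN` and `CODER_URL` over a stored session (likely, but not shown here), a user logged into another deployment is silently overridden. I would add a comment above the resource, e.g. `# Exposes the owner's session token to all agent-spawned processes; unlike the old script, this applies even if the user is already logged in elsewhere.`, and state the same in the README.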
@@ -0,0 +1,65 @@
+# Test for coder-login module
+
+run "test_coder_login_module" {
+ command = plan
+
+ variables {
+ agent_id = "test-agent-id"
+ }
+
+ # Test that the coder_env resources are created with correct configuration
+ assert {
+ condition = coder_env.coder_session_token.agent_id == "test-agent-id"
+ error_message = "CODER_SESSION_TOKEN agent ID should match the input variable"
+ }
+
+ assert {
+ condition = coder_env.coder_session_token.name == "CODER_SESSION_TOKEN"
+ error_message = "Environment variable name should be 'CODER_SESSION_TOKEN'"
+ }
+
+ assert {
+ condition = coder_env.coder_url.agent_id == "test-agent-id"
+ error_message = "CODER_URL agent ID should match the input variable"
+ }
+
+ assert {
+ condition = coder_env.coder_url.name == "CODER_URL"
+ error_message = "Environment variable name should be 'CODER_URL'"
+ }
+}
+
+# Test with mock data sources
+run "test_with_mock_data" {
+ command = plan
+
+ variables {
+ agent_id = "mock-agent"
+ }
+
+ # Mock the data sources for testing
+ override_data {
+ target = data.coder_workspace.me
+ values = {
+ access_url = "https://coder.example.com"
+ }
+ }
+
+ override_data {
+ target = data.coder_workspace_owner.me
+ values = {
+ session_token = "mock-session-token"
+ }
+ }
+
+ # Verify environment variables get the mocked values
+ assert {
+ condition = coder_env.coder_url.value == "https://coder.example.com"
+ error_message = "CODER_URL should match workspace access_url"
+ }
+
+ assert {
+ condition = coder_env.coder_session_token.value == "mock-session-token"
+ error_message = "CODER_SESSION_TOKEN should match workspace owner session_token"
+ }
+}
\ No newline at end of file
diff --git a/registry/coder/modules/coder-login/run.sh b/registry/coder/modules/coder-login/run.sh
deleted file mode 100644
index c91eb1e8..00000000
--- a/registry/coder/modules/coder-login/run.sh
+++ /dev/null
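Review bot: In main.tftest.hcl, the first run (`test_coder_login_module`) plans without any `override_data`, so it depends on whatever the real `coder_workspace` and `coder_workspace_owner` data sources return in the test environment; only `test_with_mock_data` is hermetic. Moving the two `override_data` blocks to the top level of the file would apply them to both runs, and the first run's `name` and `agent_id` asserts would then no longer touch provider-supplied token data. A short comment on the mocked run, e.g. `# "mock-session-token" is a placeholder, never a real credential`, would also make it clear that no live token belongs in this file.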
@@ -1,15 +0,0 @@
-#!/usr/bin/env sh
-
-# Automatically authenticate the user if they are not
-# logged in to another deployment
-
-BOLD='\033[0;1m'
-
-printf "$${BOLD}Logging into Coder...\n\n$${RESET}"
-
-if ! coder list > /dev/null 2>&1; then
- set +x
- coder login --token="${CODER_USER_TOKEN}" --url="${CODER_DEPLOYMENT_URL}"
-else
- echo "You are already authenticated with coder."
-fi