shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: remove coder_secret Terraform integration (#25512)

Browse Source 
Removes the coder_secret Terraform integration: the data.coder_secret
consumption path through provisionerdserver → provisioner.proto →
provisioner/terraform, the dynamic-parameter secret-requirement
validation, and the workspace-update / resolve-autostart surfaces that
depended on it. This is being done due to a product/feature direction
change (see PLAT-243). User-secret CRUD (DB, REST, CLI, UI, telemetry, audit)
and the agent-manifest secret-injection path are untouched.

The provisionerd API is bumped from v1.17 to v1.18 rather than rolled
back: v1.17 shipped in v2.33.x, so user_secrets field numbers are
reserved and the changelog documents both versions.

Generated with assistance from Coder Agents.
This commit is contained in:
Zach
2026-05-21 09:19:29 -06:00
committed by GitHub
parent 26a0805dcd
commit ddc0e99c69
45 changed files with 835 additions and 3859 deletions
Download Patch File Download Diff File Expand all files Collapse all files
provisionersdk/proto/provisioner.pb.go
Generated
+369 -485
View File
File diff suppressed because it is too large Load Diff
provisionersdk/proto/provisioner.proto
+3 -28
View File
@@ -422,29 +422,6 @@ message InitComplete {
bytes module_files_hash = 5;
}
// UserSecretValue carries a single user secret to a provisioner. env_name and
// file_path describe the bindings the user requested when creating the secret.
// The terraform provisioner exposes secrets via CODER_SECRET_ENV_* and
// CODER_SECRET_FILE_* environment variables consumed by terraform-provider-coder's
// coder_secret data source
message UserSecretValue {
// Environment variable name the user selected (e.g. "GITHUB_TOKEN"). Intended
// to be treated as an opaque lookup key, i.e. consumers must preserve it
// verbatim when matching against a data.coder_secret.env_name attribute.
// Consumers can assume names are POSIX-compliant. Optional: env_name and
// file_path are independent.
string env_name = 1;
// Filesystem path the user requested this secret be bound to (e.g. "~/creds"
// or "/etc/creds"). This path is not expanded. Expansion happens only where
// the secret is actually materialized on disk. Intended to be treated as an
// opaque lookup key, i.e. consumers must preserve it verbatim when matching
// against a data.coder_secret.file attribute. Optional; env_name and
// file_path are independent.
string file_path = 2;
// Secret value, which may be arbitrary binary data.
bytes value = 3;
}
// PlanRequest asks the provisioner to plan what resources & parameters it will create
message PlanRequest {
Metadata metadata = 1;
@@ -456,11 +433,9 @@ message PlanRequest {
// state is the provisioner state (if any)
bytes state = 6;
// User secrets to make available during plan. Not carried on ApplyRequest
// because plan evaluates data.coder_secret references and bakes the
// resolved values into plan state, so apply does not need the raw secrets.
// Provisioner-specific handling is documented on the UserSecretValue message.
repeated UserSecretValue user_secrets = 7;
// Reserved 7 for `user_secrets` introduced in v1.17 (#24542) and removed
// in v1.18 along with the rest of the `coder_secret` Terraform integration.
reserved 7;
}
// PlanComplete indicates a request to plan completed.