mirror of
https://github.com/coder/registry.git
synced 2026-06-03 13:08:14 +00:00
Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 35C4n0r
|
f3c24af1db | ||
|
Michael Suchacz
|
143656017e | ||
|
dependabot[bot]
|
88a0ac840f | ||
|
Rowan Smith
|
5f3a559e83 | ||
|
DevCats
|
b4c162d281 | ||
|
Phorcys
|
e58fd5d5da | ||
|
DevCats
|
73a92bea6e | ||
|
DevCats
|
71c84a8bb2 |
@@ -70,21 +70,38 @@ update_readme_version() {
|
||||
if grep -q "source.*${module_source}" "$readme_path"; then
|
||||
echo "Updating version references for $namespace/$module_name in $readme_path"
|
||||
awk -v module_source="$module_source" -v new_version="$new_version" '
|
||||
/source.*=.*/ {
|
||||
if ($0 ~ module_source) {
|
||||
in_target_module = 1
|
||||
} else {
|
||||
in_target_module = 0
|
||||
}
|
||||
/^[[:space:]]*module[[:space:]]/ {
|
||||
in_module_block = 1
|
||||
module_content = $0 "\n"
|
||||
module_has_target_source = 0
|
||||
next
|
||||
}
|
||||
/^[[:space:]]*version[[:space:]]*=/ {
|
||||
if (in_target_module) {
|
||||
match($0, /^[[:space]]*/
|
||||
indent = substr($0, 1, RLENGTH)
|
||||
print indent "version = \"" new_version "\""
|
||||
in_target_module = 0
|
||||
in_module_block {
|
||||
module_content = module_content $0 "\n"
|
||||
if ($0 ~ /source.*=/ && $0 ~ module_source) {
|
||||
module_has_target_source = 1
|
||||
}
|
||||
if ($0 ~ /^[[:space:]]*}[[:space:]]*$/) {
|
||||
in_module_block = 0
|
||||
if (module_has_target_source) {
|
||||
num_lines = split(module_content, lines, "\n")
|
||||
for (i = 1; i <= num_lines; i++) {
|
||||
line = lines[i]
|
||||
if (line ~ /^[[:space:]]*version[[:space:]]*=/) {
|
||||
match(line, /^[[:space:]]*/)
|
||||
indent = substr(line, 1, RLENGTH)
|
||||
printf "%sversion = \"%s\"\n", indent, new_version
|
||||
} else {
|
||||
print line
|
||||
}
|
||||
}
|
||||
} else {
|
||||
printf "%s", module_content
|
||||
}
|
||||
module_content = ""
|
||||
next
|
||||
}
|
||||
next
|
||||
}
|
||||
{ print }
|
||||
' "$readme_path" > "${readme_path}.tmp" && mv "${readme_path}.tmp" "$readme_path"
|
||||
|
||||
@@ -97,7 +97,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: "1.23.2"
|
||||
go-version: "1.24.0"
|
||||
- name: Validate contributors
|
||||
run: go build ./cmd/readmevalidation && ./readmevalidation
|
||||
- name: Remove build file artifact
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
module coder.com/coder-registry
|
||||
|
||||
go 1.23.2
|
||||
go 1.24.0
|
||||
|
||||
require (
|
||||
cdr.dev/slog v1.6.1
|
||||
@@ -20,7 +20,7 @@ require (
|
||||
github.com/rivo/uniseg v0.4.4 // indirect
|
||||
go.opentelemetry.io/otel v1.16.0 // indirect
|
||||
go.opentelemetry.io/otel/trace v1.16.0 // indirect
|
||||
golang.org/x/crypto v0.35.0 // indirect
|
||||
golang.org/x/sys v0.30.0 // indirect
|
||||
golang.org/x/term v0.29.0 // indirect
|
||||
golang.org/x/crypto v0.45.0 // indirect
|
||||
golang.org/x/sys v0.38.0 // indirect
|
||||
golang.org/x/term v0.37.0 // indirect
|
||||
)
|
||||
|
||||
@@ -51,17 +51,17 @@ go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiM
|
||||
go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
|
||||
go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
|
||||
go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
|
||||
golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
|
||||
golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
|
||||
golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
|
||||
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
|
||||
golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
|
||||
golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
|
||||
golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
|
||||
golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
|
||||
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
|
||||
golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
|
||||
golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
|
||||
golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
|
||||
golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
|
||||
golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
|
||||
golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
|
||||
golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
|
||||
golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
|
||||
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY=
|
||||
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
|
||||
google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg=
|
||||
|
||||
@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
|
||||
```tf
|
||||
module "claude-code" {
|
||||
source = "registry.coder.com/coder/claude-code/coder"
|
||||
version = "4.1.0"
|
||||
version = "4.2.1"
|
||||
agent_id = coder_agent.example.id
|
||||
workdir = "/home/coder/project"
|
||||
claude_api_key = "xxxx-xxxxx-xxxx"
|
||||
@@ -51,7 +51,7 @@ module "claude-code" {
|
||||
boundary_log_level = "WARN"
|
||||
boundary_additional_allowed_urls = ["GET *google.com"]
|
||||
boundary_proxy_port = "8087"
|
||||
version = "3.4.3"
|
||||
version = "4.2.1"
|
||||
}
|
||||
```
|
||||
|
||||
@@ -70,7 +70,7 @@ data "coder_parameter" "ai_prompt" {
|
||||
|
||||
module "claude-code" {
|
||||
source = "registry.coder.com/coder/claude-code/coder"
|
||||
version = "4.1.0"
|
||||
version = "4.2.1"
|
||||
agent_id = coder_agent.example.id
|
||||
workdir = "/home/coder/project"
|
||||
|
||||
@@ -106,7 +106,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
|
||||
```tf
|
||||
module "claude-code" {
|
||||
source = "registry.coder.com/coder/claude-code/coder"
|
||||
version = "4.1.0"
|
||||
version = "4.2.1"
|
||||
agent_id = coder_agent.example.id
|
||||
workdir = "/home/coder"
|
||||
install_claude_code = true
|
||||
@@ -129,7 +129,7 @@ variable "claude_code_oauth_token" {
|
||||
|
||||
module "claude-code" {
|
||||
source = "registry.coder.com/coder/claude-code/coder"
|
||||
version = "4.1.0"
|
||||
version = "4.2.1"
|
||||
agent_id = coder_agent.example.id
|
||||
workdir = "/home/coder/project"
|
||||
claude_code_oauth_token = var.claude_code_oauth_token
|
||||
@@ -202,7 +202,7 @@ resource "coder_env" "bedrock_api_key" {
|
||||
|
||||
module "claude-code" {
|
||||
source = "registry.coder.com/coder/claude-code/coder"
|
||||
version = "4.1.0"
|
||||
version = "4.2.1"
|
||||
agent_id = coder_agent.example.id
|
||||
workdir = "/home/coder/project"
|
||||
model = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
|
||||
@@ -259,7 +259,7 @@ resource "coder_env" "google_application_credentials" {
|
||||
|
||||
module "claude-code" {
|
||||
source = "registry.coder.com/coder/claude-code/coder"
|
||||
version = "4.1.0"
|
||||
version = "4.2.1"
|
||||
agent_id = coder_agent.example.id
|
||||
workdir = "/home/coder/project"
|
||||
model = "claude-sonnet-4@20250514"
|
||||
|
||||
@@ -114,6 +114,12 @@ variable "claude_code_version" {
|
||||
default = "latest"
|
||||
}
|
||||
|
||||
variable "disable_autoupdater" {
|
||||
type = bool
|
||||
description = "Disable Claude Code automatic updates. When true, Claude Code will stay on the installed version."
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "claude_api_key" {
|
||||
type = string
|
||||
description = "The API key to use for the Claude Code server."
|
||||
@@ -274,6 +280,14 @@ resource "coder_env" "claude_api_key" {
|
||||
value = var.claude_api_key
|
||||
}
|
||||
|
||||
resource "coder_env" "disable_autoupdater" {
|
||||
count = var.disable_autoupdater ? 1 : 0
|
||||
|
||||
agent_id = var.agent_id
|
||||
name = "DISABLE_AUTOUPDATER"
|
||||
value = "1"
|
||||
}
|
||||
|
||||
locals {
|
||||
# we have to trim the slash because otherwise coder exp mcp will
|
||||
# set up an invalid claude config
|
||||
|
||||
@@ -103,9 +103,13 @@ task_session_exists() {
|
||||
local workdir_normalized=$(echo "$ARG_WORKDIR" | tr '/' '-')
|
||||
local project_dir="$HOME/.claude/projects/${workdir_normalized}"
|
||||
|
||||
printf "PROJECT_DIR: %s, workdir_normalized: %s\n" "$project_dir" "$workdir_normalized"
|
||||
|
||||
if [ -d "$project_dir" ] && find "$project_dir" -type f -name "*${TASK_SESSION_ID}*" 2> /dev/null | grep -q .; then
|
||||
printf "TASK_SESSION_ID: %s file found\n" "$TASK_SESSION_ID"
|
||||
return 0
|
||||
else
|
||||
printf "TASK_SESSION_ID: %s file not found\n" "$TASK_SESSION_ID"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
@@ -149,7 +153,11 @@ function start_agentapi() {
|
||||
else
|
||||
echo "No existing session found"
|
||||
if [ "$ARG_REPORT_TASKS" = "true" ]; then
|
||||
ARGS+=(--session-id "$TASK_SESSION_ID")
|
||||
if task_session_exists; then
|
||||
ARGS+=(--resume "$TASK_SESSION_ID")
|
||||
else
|
||||
ARGS+=(--session-id "$TASK_SESSION_ID")
|
||||
fi
|
||||
fi
|
||||
if [ -n "$ARG_AI_PROMPT" ]; then
|
||||
if [ "$ARG_REPORT_TASKS" = "true" ]; then
|
||||
@@ -171,7 +179,11 @@ function start_agentapi() {
|
||||
else
|
||||
echo "Continue disabled, starting fresh session"
|
||||
if [ "$ARG_REPORT_TASKS" = "true" ]; then
|
||||
ARGS+=(--session-id "$TASK_SESSION_ID")
|
||||
if task_session_exists; then
|
||||
ARGS+=(--resume "$TASK_SESSION_ID")
|
||||
else
|
||||
ARGS+=(--session-id "$TASK_SESSION_ID")
|
||||
fi
|
||||
fi
|
||||
if [ -n "$ARG_AI_PROMPT" ]; then
|
||||
if [ "$ARG_REPORT_TASKS" = "true" ]; then
|
||||
|
||||
@@ -16,7 +16,7 @@ Install the JF CLI and authenticate package managers with Artifactory using OAut
|
||||
module "jfrog" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/jfrog-oauth/coder"
|
||||
version = "1.2.1"
|
||||
version = "1.2.2"
|
||||
agent_id = coder_agent.example.id
|
||||
jfrog_url = "https://example.jfrog.io"
|
||||
username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
|
||||
@@ -39,6 +39,15 @@ module "jfrog" {
|
||||
|
||||
This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from Coder's [external-auth](https://coder.com/docs/v2/latest/admin/external-auth) feature and allows each user to authenticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user. For configuration instructions, see this [guide](https://coder.com/docs/v2/latest/guides/artifactory-integration#jfrog-oauth) on the Coder documentation.
|
||||
|
||||
## Username Handling
|
||||
|
||||
The module automatically extracts your JFrog username directly from the OAuth token's JWT payload. This preserves special characters like dots (`.`), hyphens (`-`), and accented characters that Coder normalizes in usernames.
|
||||
|
||||
**Priority order:**
|
||||
|
||||
1. **JWT extraction** (default) - Extracts username from OAuth token, preserving special characters
|
||||
2. **Fallback to `username_field`** - If JWT extraction fails, uses Coder username or email
|
||||
|
||||
## Examples
|
||||
|
||||
Configure the Python pip package manager to fetch packages from Artifactory while mapping the Coder email to the Artifactory username.
|
||||
@@ -47,7 +56,7 @@ Configure the Python pip package manager to fetch packages from Artifactory whil
|
||||
module "jfrog" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/jfrog-oauth/coder"
|
||||
version = "1.2.1"
|
||||
version = "1.2.2"
|
||||
agent_id = coder_agent.example.id
|
||||
jfrog_url = "https://example.jfrog.io"
|
||||
username_field = "email"
|
||||
@@ -76,7 +85,7 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
|
||||
module "jfrog" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/jfrog-oauth/coder"
|
||||
version = "1.2.1"
|
||||
version = "1.2.2"
|
||||
agent_id = coder_agent.example.id
|
||||
jfrog_url = "https://example.jfrog.io"
|
||||
username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
|
||||
|
||||
@@ -76,8 +76,27 @@ variable "package_managers" {
|
||||
}
|
||||
|
||||
locals {
|
||||
# The username field to use for artifactory
|
||||
username = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
|
||||
jwt_parts = try(split(".", data.coder_external_auth.jfrog.access_token), [])
|
||||
jwt_payload = try(local.jwt_parts[1], "")
|
||||
payload_padding = local.jwt_payload == "" ? "" : (
|
||||
length(local.jwt_payload) % 4 == 0 ? "" :
|
||||
length(local.jwt_payload) % 4 == 2 ? "==" :
|
||||
length(local.jwt_payload) % 4 == 3 ? "=" :
|
||||
""
|
||||
)
|
||||
|
||||
jwt_username = try(
|
||||
regex(
|
||||
"/users/([^/]+)",
|
||||
jsondecode(base64decode("${local.jwt_payload}${local.payload_padding}"))["sub"]
|
||||
)[0],
|
||||
""
|
||||
)
|
||||
|
||||
username = coalesce(
|
||||
local.jwt_username != "" ? local.jwt_username : null,
|
||||
var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
|
||||
)
|
||||
jfrog_host = split("://", var.jfrog_url)[1]
|
||||
common_values = {
|
||||
JFROG_URL = var.jfrog_url
|
||||
|
||||
@@ -14,7 +14,7 @@ Automatically install and run mux in a Coder workspace. By default, the module i
|
||||
module "mux" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/mux/coder"
|
||||
version = "1.0.0"
|
||||
version = "1.0.1"
|
||||
agent_id = coder_agent.example.id
|
||||
}
|
||||
```
|
||||
@@ -35,7 +35,7 @@ module "mux" {
|
||||
module "mux" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/mux/coder"
|
||||
version = "1.0.0"
|
||||
version = "1.0.1"
|
||||
agent_id = coder_agent.example.id
|
||||
}
|
||||
```
|
||||
@@ -46,7 +46,7 @@ module "mux" {
|
||||
module "mux" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/mux/coder"
|
||||
version = "1.0.0"
|
||||
version = "1.0.1"
|
||||
agent_id = coder_agent.example.id
|
||||
# Default is "latest"; set to a specific version to pin
|
||||
install_version = "0.4.0"
|
||||
@@ -59,7 +59,7 @@ module "mux" {
|
||||
module "mux" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/mux/coder"
|
||||
version = "1.0.0"
|
||||
version = "1.0.1"
|
||||
agent_id = coder_agent.example.id
|
||||
port = 8080
|
||||
}
|
||||
@@ -73,7 +73,7 @@ Run an existing copy of mux if found, otherwise install from npm:
|
||||
module "mux" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/mux/coder"
|
||||
version = "1.0.0"
|
||||
version = "1.0.1"
|
||||
agent_id = coder_agent.example.id
|
||||
use_cached = true
|
||||
}
|
||||
@@ -87,7 +87,7 @@ Run without installing from the network (requires mux to be pre-installed):
|
||||
module "mux" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/mux/coder"
|
||||
version = "1.0.0"
|
||||
version = "1.0.1"
|
||||
agent_id = coder_agent.example.id
|
||||
install = false
|
||||
}
|
||||
|
||||
@@ -55,6 +55,7 @@ describe("mux", async () => {
|
||||
expect(output.exitCode).toBe(0);
|
||||
const expectedLines = [
|
||||
"📦 Installing mux via npm into /tmp/mux...",
|
||||
"⏭️ Skipping npm lifecycle scripts with --ignore-scripts",
|
||||
"🥳 mux has been installed in /tmp/mux",
|
||||
"🚀 Starting mux server on port 4000...",
|
||||
"Check logs at /tmp/mux.log!",
|
||||
@@ -62,5 +63,5 @@ describe("mux", async () => {
|
||||
for (const line of expectedLines) {
|
||||
expect(output.stdout).toContain(line);
|
||||
}
|
||||
}, 60000);
|
||||
}, 180000);
|
||||
});
|
||||
|
||||
@@ -50,13 +50,14 @@ if [ ! -f "$MUX_BINARY" ] || [ "${USE_CACHED}" != true ]; then
|
||||
if [ ! -f package.json ]; then
|
||||
echo '{}' > package.json
|
||||
fi
|
||||
echo "⏭️ Skipping npm lifecycle scripts with --ignore-scripts"
|
||||
PKG="mux"
|
||||
if [ -z "${VERSION}" ] || [ "${VERSION}" = "latest" ]; then
|
||||
PKG_SPEC="$PKG@latest"
|
||||
else
|
||||
PKG_SPEC="$PKG@${VERSION}"
|
||||
fi
|
||||
if ! npm install --no-audit --no-fund --omit=dev "$PKG_SPEC"; then
|
||||
if ! npm install --no-audit --no-fund --omit=dev --ignore-scripts "$PKG_SPEC"; then
|
||||
echo "❌ Failed to install mux via npm"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -14,7 +14,7 @@ This module lets you authenticate with [Hashicorp Vault](https://www.vaultprojec
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-github/coder"
|
||||
version = "1.0.31"
|
||||
version = "1.1.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
}
|
||||
@@ -46,7 +46,7 @@ To configure the Vault module, you must set up a Vault GitHub auth method. See t
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-github/coder"
|
||||
version = "1.0.31"
|
||||
version = "1.1.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
coder_github_auth_id = "my-github-auth-id"
|
||||
@@ -59,7 +59,7 @@ module "vault" {
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-github/coder"
|
||||
version = "1.0.31"
|
||||
version = "1.1.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
coder_github_auth_id = "my-github-auth-id"
|
||||
@@ -73,7 +73,7 @@ module "vault" {
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-github/coder"
|
||||
version = "1.0.31"
|
||||
version = "1.1.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
vault_cli_version = "1.15.0"
|
||||
|
||||
@@ -32,6 +32,12 @@ variable "vault_github_auth_path" {
|
||||
default = "github"
|
||||
}
|
||||
|
||||
variable "vault_namespace" {
|
||||
type = string
|
||||
description = "The Vault Enterprise namespace that contains the GitHub auth mount."
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vault_cli_version" {
|
||||
type = string
|
||||
description = "The version of Vault to install."
|
||||
@@ -52,6 +58,7 @@ resource "coder_script" "vault" {
|
||||
AUTH_PATH : var.vault_github_auth_path,
|
||||
GITHUB_EXTERNAL_AUTH_ID : data.coder_external_auth.github.id,
|
||||
INSTALL_VERSION : var.vault_cli_version,
|
||||
VAULT_NAMESPACE : var.vault_namespace != null ? var.vault_namespace : "",
|
||||
})
|
||||
run_on_start = true
|
||||
start_blocks_login = true
|
||||
@@ -63,6 +70,13 @@ resource "coder_env" "vault_addr" {
|
||||
value = var.vault_addr
|
||||
}
|
||||
|
||||
resource "coder_env" "vault_namespace" {
|
||||
count = var.vault_namespace == null ? 0 : 1
|
||||
agent_id = var.agent_id
|
||||
name = "VAULT_NAMESPACE"
|
||||
value = var.vault_namespace
|
||||
}
|
||||
|
||||
data "coder_external_auth" "github" {
|
||||
id = var.coder_github_auth_id
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
INSTALL_VERSION=${INSTALL_VERSION}
|
||||
GITHUB_EXTERNAL_AUTH_ID=${GITHUB_EXTERNAL_AUTH_ID}
|
||||
AUTH_PATH=${AUTH_PATH}
|
||||
VAULT_NAMESPACE=${VAULT_NAMESPACE}
|
||||
|
||||
fetch() {
|
||||
dest="$1"
|
||||
@@ -104,6 +105,11 @@ if ! (
|
||||
fi
|
||||
rm -rf "$TMP"
|
||||
|
||||
if [ -n "$${VAULT_NAMESPACE}" ]; then
|
||||
export VAULT_NAMESPACE
|
||||
printf "📁 Using Vault namespace: %s\n\n" "$${VAULT_NAMESPACE}"
|
||||
fi
|
||||
|
||||
# Authenticate with Vault
|
||||
printf "🔑 Authenticating with Vault ...\n\n"
|
||||
GITHUB_TOKEN=$(coder external-auth access-token "$${GITHUB_EXTERNAL_AUTH_ID}")
|
||||
|
||||
@@ -14,7 +14,7 @@ This module lets you authenticate with [Hashicorp Vault](https://www.vaultprojec
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-jwt/coder"
|
||||
version = "1.1.1"
|
||||
version = "1.2.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
vault_jwt_role = "coder" # The Vault role to use for authentication
|
||||
@@ -42,7 +42,7 @@ curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/d
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-jwt/coder"
|
||||
version = "1.1.1"
|
||||
version = "1.2.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
vault_jwt_auth_path = "oidc"
|
||||
@@ -58,7 +58,7 @@ data "coder_workspace_owner" "me" {}
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-jwt/coder"
|
||||
version = "1.1.1"
|
||||
version = "1.2.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
vault_jwt_role = data.coder_workspace_owner.me.groups[0]
|
||||
@@ -71,7 +71,7 @@ module "vault" {
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-jwt/coder"
|
||||
version = "1.1.1"
|
||||
version = "1.2.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
vault_jwt_role = "coder" # The Vault role to use for authentication
|
||||
@@ -132,7 +132,7 @@ resource "jwt_signed_token" "vault" {
|
||||
module "vault" {
|
||||
count = data.coder_workspace.me.start_count
|
||||
source = "registry.coder.com/coder/vault-jwt/coder"
|
||||
version = "1.1.1"
|
||||
version = "1.2.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
vault_jwt_role = "coder" # The Vault role to use for authentication
|
||||
|
||||
@@ -38,6 +38,12 @@ variable "vault_jwt_role" {
|
||||
description = "The name of the Vault role to use for authentication."
|
||||
}
|
||||
|
||||
variable "vault_namespace" {
|
||||
type = string
|
||||
description = "The Vault Enterprise namespace that contains the JWT auth mount."
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vault_cli_version" {
|
||||
type = string
|
||||
description = "The version of Vault to install."
|
||||
@@ -57,6 +63,7 @@ resource "coder_script" "vault" {
|
||||
VAULT_JWT_AUTH_PATH : var.vault_jwt_auth_path,
|
||||
VAULT_JWT_ROLE : var.vault_jwt_role,
|
||||
VAULT_CLI_VERSION : var.vault_cli_version,
|
||||
VAULT_NAMESPACE : var.vault_namespace != null ? var.vault_namespace : "",
|
||||
})
|
||||
run_on_start = true
|
||||
start_blocks_login = true
|
||||
@@ -68,4 +75,11 @@ resource "coder_env" "vault_addr" {
|
||||
value = var.vault_addr
|
||||
}
|
||||
|
||||
resource "coder_env" "vault_namespace" {
|
||||
count = var.vault_namespace == null ? 0 : 1
|
||||
agent_id = var.agent_id
|
||||
name = "VAULT_NAMESPACE"
|
||||
value = var.vault_namespace
|
||||
}
|
||||
|
||||
data "coder_workspace_owner" "me" {}
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
VAULT_CLI_VERSION=${VAULT_CLI_VERSION}
|
||||
VAULT_JWT_AUTH_PATH=${VAULT_JWT_AUTH_PATH}
|
||||
VAULT_JWT_ROLE=${VAULT_JWT_ROLE}
|
||||
VAULT_NAMESPACE=${VAULT_NAMESPACE}
|
||||
CODER_OIDC_ACCESS_TOKEN=${CODER_OIDC_ACCESS_TOKEN}
|
||||
|
||||
fetch() {
|
||||
@@ -105,6 +106,11 @@ if ! (
|
||||
fi
|
||||
rm -rf "$TMP"
|
||||
|
||||
if [ -n "$${VAULT_NAMESPACE}" ]; then
|
||||
export VAULT_NAMESPACE
|
||||
printf "📁 Using Vault namespace: %s\n\n" "$${VAULT_NAMESPACE}"
|
||||
fi
|
||||
|
||||
# Authenticate with Vault
|
||||
printf "🔑 Authenticating with Vault ...\n\n"
|
||||
echo "$${CODER_OIDC_ACCESS_TOKEN}" | vault write -field=token auth/"$${VAULT_JWT_AUTH_PATH}"/login role="$${VAULT_JWT_ROLE}" jwt=- | vault login -
|
||||
|
||||
@@ -19,7 +19,7 @@ variable "vault_token" {
|
||||
|
||||
module "vault" {
|
||||
source = "registry.coder.com/coder/vault-token/coder"
|
||||
version = "1.2.2"
|
||||
version = "1.3.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_token = var.token # optional
|
||||
vault_addr = "https://vault.example.com"
|
||||
@@ -73,7 +73,7 @@ variable "vault_token" {
|
||||
|
||||
module "vault" {
|
||||
source = "registry.coder.com/coder/vault-token/coder"
|
||||
version = "1.2.2"
|
||||
version = "1.3.0"
|
||||
agent_id = coder_agent.example.id
|
||||
vault_addr = "https://vault.example.com"
|
||||
vault_token = var.token
|
||||
|
||||
@@ -50,6 +50,7 @@ resource "coder_script" "vault" {
|
||||
icon = "/icon/vault.svg"
|
||||
script = templatefile("${path.module}/run.sh", {
|
||||
INSTALL_VERSION : var.vault_cli_version,
|
||||
VAULT_NAMESPACE : var.vault_namespace != null ? var.vault_namespace : "",
|
||||
})
|
||||
run_on_start = true
|
||||
start_blocks_login = true
|
||||
@@ -73,4 +74,4 @@ resource "coder_env" "vault_namespace" {
|
||||
agent_id = var.agent_id
|
||||
name = "VAULT_NAMESPACE"
|
||||
value = var.vault_namespace
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
# Convert all templated variables to shell variables
|
||||
INSTALL_VERSION=${INSTALL_VERSION}
|
||||
VAULT_NAMESPACE=${VAULT_NAMESPACE}
|
||||
|
||||
fetch() {
|
||||
dest="$1"
|
||||
@@ -101,3 +102,8 @@ if ! (
|
||||
exit 1
|
||||
fi
|
||||
rm -rf "$TMP"
|
||||
|
||||
if [ -n "$${VAULT_NAMESPACE}" ]; then
|
||||
export VAULT_NAMESPACE
|
||||
printf "📁 Using Vault namespace: %s\n\n" "$${VAULT_NAMESPACE}"
|
||||
fi
|
||||
|
||||
@@ -3,7 +3,7 @@ display_name: airflow
|
||||
description: A module that adds Apache Airflow in your Coder template
|
||||
icon: ../../../../.icons/airflow.svg
|
||||
maintainer_github: nataindata
|
||||
verified: true
|
||||
verified: false
|
||||
tags: [airflow, ide, web]
|
||||
---
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
display_name: DigitalOcean Region
|
||||
description: A parameter with human region names and icons
|
||||
icon: ../../../../.icons/digital-ocean.svg
|
||||
verified: true
|
||||
verified: false
|
||||
tags: [helper, parameter, digitalocean, regions]
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user