feat: extract coder_secret requirements into Output#198
feat: extract coder_secret requirements into Output#198dylanhuff-at-coder merged 4 commits intomainfrom
Conversation
…dress other pr feedback
There was a problem hiding this comment.
Do the e2e tests pass if you remove these files and uprev the terraform-provider-coder in go.mod to coder/terraform-provider-coder#501?
There was a problem hiding this comment.
I've been trying to get this to work before the merge, but I don't think it's possible. The tests actually run terraform init and terraform plan which require the Terraform provider to contain coder_secret, which it currently doesn't. Changing the go.mod file to point at your PR doesn't quite cut it unfortunately.
There was a problem hiding this comment.
One last thought: coder/preview previously seemed to exclusively deal with "workspace parameters" (i.e. coder_parameter) in a template. We're extending the modules scope, so we should probably update the docs. It's something we can do in a follow-up PR. To avoid it falling through the cracks I created https://linear.app/codercom/issue/PLAT-140/update-coderpreview-docs-to-reflect-new-coder-secret-scope
3 participants
Adds a new
SecretRequirementsslice onpreview.Output, populated by parsingdata "coder_secret" "..." { ... }blocks in a template. Part of the User Secrets feature (PLAT-100); consumed by a companion PR incoder/coderthat renders "missing required secret" diagnostics on the create-workspace page.Notes
coder_secretdoesn't currently exist as a Terraform data source yet. This PR still works because preview uses trivy's HCL parser for static analysis — it never runsterraform initon the template, so unknown data source types don't break extraction. The only test that does runterraform initisTest_VerifyE2E, and the two new testdata fixtures carry the repo's existingskipe2esentinel file to opt them out of that test. The extraction tests (Test_Extract,Test_SecretRequirementErrors) all run normally and verify the behavior this PR adds.A follow-up PR will need to remove the
skipe2esentinels onceterraform-provider-coderships thecoder_secretdata source, so E2E also covers these fixtures.Also of note, this is the first of two PRs for PLAT-100. The second will be done in
coder/coderand requires this one to be merged first, which is why I'd like to merge this even without thecoder_secretdata source existing.