goosy_assassin
goosy_assassin
PostsComments
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
if I use coalesce(TF_VAR_XXX, OPTIONAL_XXX) it would fail to compile, coalesce would complain two null value.
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
the key change is not use coalesce on TF_VAR
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
Hi @Phorcys yes i managed to get it work in the end with TF_VAR
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
I suspect the reason is "null_resource" run on outer layer where coder service runs, and the coder_agent.main startup script runs in the actual workspace layer
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
so I set up the env variable at where coder service is running, TF_VAR_GITHUB_TOKEN. Then in the main.tf, I declare the variable: variable "GITHUB_TOKEN" { default = "" } I have to set a default value otherwise it prompts me to give it a value. and this is my resource "null_resource" 
resource "null_resource" "clone_code_vault" {
  triggers = {
    always_run = "${timestamp()}"
  }

  provisioner "local-exec" {
    command = <<-EOT
      #!/bin/bash

      echo $$TOKEN

    EOT

    environment = {
      TOKEN = var.GITHUB_TOKEN
    }
  }

  depends_on = [coder_agent.main]
}
resource "null_resource" "clone_code_vault" {
  triggers = {
    always_run = "${timestamp()}"
  }

  provisioner "local-exec" {
    command = <<-EOT
      #!/bin/bash

      echo $$TOKEN

    EOT

    environment = {
      TOKEN = var.GITHUB_TOKEN
    }
  }

  depends_on = [coder_agent.main]
}
and I could see it in the log. it's not empty. however when I set it in coder_agent.main: 
  startup_script = <<-EOT
     echo $${GITHUB_TOKEN}
  EOT
  env = {
    GITHUB_TOKEN = var.GITHUB_TOKEN
  }
  startup_script = <<-EOT
     echo $${GITHUB_TOKEN}
  EOT
  env = {
    GITHUB_TOKEN = var.GITHUB_TOKEN
  }
it's empty
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
Now I've met the problem that only in resource "null_resource" the main.tf could read the env variable, when I put it in the startup_script of resource "coder_agent" "main", it's empty again
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
ahh problem sovled. as long as I add an empty default value to the variable clause, then it would stop asking for inputs
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
No description
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
is it the USER_DEFINED_ID in the callback URL https://coder.example.com/external-auth/USER_DEFINED_ID/callback of the github app?
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
if I am using external-auth#git-providers, is this the correct way to access the token?
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
what kind of script should I prepare? If environment variable and external-auth#git-providers both don't work out I might look into Vault.
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
sorry I want to circle back to set up env variable. I can see in the log it detects the env variable: terraform environment variable: TF_VAR_GITHUB_TOKEN=<value redacted> but when I call var.GITHUB_TOKEN, it said it hasn't been declared: Error: Reference to undeclared input variable on main.tf line 351, in resource "null_resource" "clone_code_vault": 351: TOKEN = coalesce(data.coder_parameter.code_vault_token.value, data.coder_external_auth.github.access_token, var.GITHUB_TOKEN) An input variable with the name "GITHUB_TOKEN" has not been declared. This variable can be declared with a variable "GITHUB_TOKEN" {} block. and when I create variable "GITHUB_TOKEN" {}, it asks me to manually put in the varible. how come it detects it but still ask me to declare it? is this expected?
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
i see, i'll look into it. Thank you!
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
my understanding of this is it would require user of that workspace to log in/put in the authentication? is there a way to set it for all the workspace as default?
42 replies
CCoder.com
Created by goosy_assassin on 8/15/2024 in #help
What's the best way to store GitHub PAT for main.tf?
end goal is not storing the PAT in the main.tf directly, but still allow script in main.tf to use this token to pull a private repo.
42 replies