feat: Support caching provisioner assets (#574)

* feat: Add AWS instance identity authentication

This allows zero-trust authentication for all AWS instances.

Prior to this, AWS instances could be used by passing `CODER_TOKEN`
as an environment variable to the startup script. AWS explicitly
states that secrets should not be passed in startup scripts because
such scripts are user-readable.

* feat: Support caching provisioner assets

This caches the Terraform binary, and Terraform plugins.
Eventually, it could cache other temporary files.

* chore: fix linter

Co-authored-by: Garrett <garrett@coder.com>
Kyle Carberry
2022-03-28 13:57:19 -06:00
committed by GitHub
parent 9485fd62da
commit 13cef7d07c
4 changed files with 23 additions and 5 deletions


@ -87,6 +87,14 @@ func (t *terraform) Provision(stream proto.DRPCProvisioner_ProvisionStream) erro
})
}
}()
if t.cachePath != "" {
err = terraform.SetEnv(map[string]string{
"TF_PLUGIN_CACHE_DIR": t.cachePath,
})
if err != nil {
return xerrors.Errorf("set terraform plugin cache dir: %w", err)
}
}
terraform.SetStdout(writer)
t.logger.Debug(shutdown, "running initialization")
err = terraform.Init(shutdown)
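Review bot: Calling `terraform.SetEnv` with a map that holds only `TF_PLUGIN_CACHE_DIR` probably changes more than the cache location: if `terraform` is a terraform-exec handle, a non-nil env map replaces the inherited process environment instead of merging into it, so runs with `cachePath` set would see a different PATH, HOME and credential variables than runs without it. Building the map from `os.Environ()` and then adding the cache key keeps the two modes identical apart from the cache; SetEnv may refuse some inherited TF_* variables, so the copy could need a filter. The cache directory also deserves a comment at this block: provider binaries stored there are executed by later jobs, so it should exist before init and be writable only by the provisioner account. Provision starts and ends outside the hunk, so whether the environment is set elsewhere is not visible here.

```go
if t.cachePath != "" {
	// Start from the daemon's own environment so that enabling the cache
	// adds one variable instead of replacing everything terraform sees.
	env := map[string]string{}
	for _, entry := range os.Environ() {
		parts := strings.SplitN(entry, "=", 2)
		if len(parts) == 2 {
			env[parts[0]] = parts[1]
		}
	}
	env["TF_PLUGIN_CACHE_DIR"] = t.cachePath
	err = terraform.SetEnv(env)
	// … unchanged: error check and wrapped return …
}
```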