feat: Support caching provisioner assets (#574)

* feat: Add AWS instance identity authentication

This allows zero-trust authentication for all AWS instances.

Prior to this, AWS instances could be used by passing `CODER_TOKEN`
as an environment variable to the startup script. AWS explicitly
states that secrets should not be passed in startup scripts because
the scripts are user-readable.

* feat: Support caching provisioner assets

This caches the Terraform binary, and Terraform plugins.
Eventually, it could cache other temporary files.

* chore: fix linter

Co-authored-by: Garrett <garrett@coder.com>
Kyle Carberry
2022-03-28 13:57:19 -06:00
committed by GitHub
parent 9485fd62da
commit 13cef7d07c
4 changed files with 23 additions and 5 deletions


@ -34,6 +34,7 @@ type ServeOptions struct {
// BinaryPath specifies the "terraform" binary to use.
// If omitted, the $PATH will attempt to find it.
BinaryPath string
CachePath string
Logger slog.Logger
}
@ -43,8 +44,9 @@ func Serve(ctx context.Context, options *ServeOptions) error {
binaryPath, err := exec.LookPath("terraform")
if err != nil {
installer := &releases.ExactVersion{
Product: product.Terraform,
Version: version.Must(version.NewVersion("1.1.7")),
InstallDir: options.CachePath,
Product: product.Terraform,
Version: version.Must(version.NewVersion("1.1.7")),
}
execPath, err := installer.Install(ctx)
@ -58,11 +60,13 @@ func Serve(ctx context.Context, options *ServeOptions) error {
}
return provisionersdk.Serve(ctx, &terraform{
binaryPath: options.BinaryPath,
cachePath: options.CachePath,
logger: options.Logger,
}, options.ServeOptions)
}
type terraform struct {
binaryPath string
cachePath string
logger slog.Logger
}
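Review bot: The new exported field `CachePath` in `ServeOptions` has no doc comment, unlike `BinaryPath` above it, and the installer hunk passes it unchecked into `InstallDir`, so this directory now receives the downloaded Terraform binary that the provisioner presumably executes afterwards. I would document the trust requirement on the field, for example `// CachePath is the directory where the Terraform binary and plugins are cached; it must be writable only by the user running the provisioner.` What happens when `CachePath` is empty is not visible here. The installer probably falls back to a temporary directory, which is worth confirming and stating in the same comment. If a later change reuses a binary already present in the cache instead of reinstalling, it should re-verify that file before running it. The body of `Serve` continues outside the hunks shown.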