From 3f3ecbf8b3e1216f08c452bacc001a69780a2cb6 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Mon, 6 Jun 2022 05:05:16 -0700 Subject: [PATCH] feat: Authenticate Digital Ocean via environment variable (#2051) * Digital Ocean example uses environment variable auth Signed-off-by: Spike Curtis --- examples/templates/do-linux/README.md | 10 +++++++++- examples/templates/do-linux/main.tf | 28 +++++++++------------------ 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/examples/templates/do-linux/README.md b/examples/templates/do-linux/README.md index 398b18501b..5829af5d24 100644 --- a/examples/templates/do-linux/README.md +++ b/examples/templates/do-linux/README.md @@ -10,8 +10,16 @@ This is an example for deploying workspaces as Digital Ocean Droplets. ## Requirements -- Digital Ocean Personal Access Token (PAT) - Digital Ocean Project ID (e.g. `doctl projects list`) - Remove `variable "step2_do_project_id"` and `resource "digitalocean_project_resources" "project"` if you don't want project association. - (Optional) Digital Ocean SSH key ID (e.g. `doctl compute ssh-key list`) - Only required for Fedora images to work. + +## Authentication + +This template assumes that coderd is run in an environment that is authenticated +with Digital Ocean. Obtain a +[Digital Ocean Personal Access Token](https://cloud.digitalocean.com/account/api/tokens) and set +the environment variable `DIGITALOCEAN_TOKEN` to the access token before starting coderd. For +other ways to authenticate +[consult the Terraform docs](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs). diff --git a/examples/templates/do-linux/main.tf b/examples/templates/do-linux/main.tf index e9d611dddc..7710138bd5 100644 --- a/examples/templates/do-linux/main.tf +++ b/examples/templates/do-linux/main.tf 
@@ -11,18 +11,7 @@ terraform { } } -variable "step1_do_token" { - type = string - description = "Enter token (see documentation at https://docs.digitalocean.com/reference/api/create-personal-access-token/)" - sensitive = true - - validation { - condition = length(var.step1_do_token) == 71 && substr(var.step1_do_token, 0, 4) == "dop_" - error_message = "Invalid Digital Ocean Personal Access Token." - } -} - -variable "step2_do_project_id" { +variable "step1_do_project_id" { type = string description = <<-EOF Enter project ID @@ -32,17 +21,17 @@ variable "step2_do_project_id" { sensitive = true validation { - condition = length(var.step2_do_project_id) == 36 + condition = length(var.step1_do_project_id) == 36 error_message = "Invalid Digital Ocean Project ID." } } -variable "step3_do_admin_ssh_key" { +variable "step2_do_admin_ssh_key" { type = number description = <<-EOF Enter admin SSH key ID (some Droplet images require an SSH key to be set): - Can be set to zero. + Can be set to "0" for no key. Note: Setting this to zero will break Fedora images and notify root passwords via email. @@ -51,7 +40,7 @@ variable "step3_do_admin_ssh_key" { sensitive = true validation { - condition = var.step3_do_admin_ssh_key >= 0 + condition = var.step2_do_admin_ssh_key >= 0 error_message = "Invalid Digital Ocean SSH key ID, a number is required." } } @@ -98,7 +87,8 @@ variable "region" { # Configure the DigitalOcean Provider provider "digitalocean" { - token = var.step1_do_token + # Recommended: use environment variable DIGITALOCEAN_TOKEN with your personal access token when starting coderd + # alternatively, you can pass the token via a variable. } data "coder_workspace" "me" {} 
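Review bot: The reworded description of `step2_do_admin_ssh_key` (hunk `@@ -32,17 +21,17 @@`) presents `"0"` as an ordinary choice, but the note directly below it says a zero value makes root passwords go out by email. The quotes are also misleading, because the variable is declared `type = number`. I would put the consequence on the same line, for example `Can be set to 0 for no key (not recommended: the root password is then sent by email).` The variable block continues past the end of this hunk, and its validation sits in the next one.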
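Review bot: The new comment in `provider "digitalocean"` (hunk `@@ -98,7 +87,8 @@`) offers a variable as an alternative way to pass the token, but it does not carry over the `sensitive = true` that the removed `step1_do_token` block had. Anyone who re-adds a token variable from this comment alone could end up with the token shown in plan output. With `DIGITALOCEAN_TOKEN` set in coderd's environment, the credential is presumably available to every template provisioned by that coderd rather than only this one, which the comment should state. Suggested wording: `# Reads DIGITALOCEAN_TOKEN from the environment coderd runs in; the token is shared by all templates on this deployment.` followed by `# If you pass the token via a variable instead, declare it with sensitive = true.`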
@@ -130,12 +120,12 @@ resource "digitalocean_droplet" "workspace" { coder_agent_token = coder_agent.dev.token }) # Required to provision Fedora. - ssh_keys = var.step3_do_admin_ssh_key > 0 ? [var.step3_do_admin_ssh_key] : [] + ssh_keys = var.step2_do_admin_ssh_key > 0 ? [var.step2_do_admin_ssh_key] : [] } # Temporarily disabled because it breaks SSH. (https://github.com/coder/coder/issues/1750) # resource "digitalocean_project_resources" "project" { -# project = var.step2_do_project_id +# project = var.step1_do_project_id # # Workaround for terraform plan when using count. # resources = length(digitalocean_droplet.workspace) > 0 ? [ # digitalocean_volume.home_volume.urn,