synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-23 21:32:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't use parameters to pass secrets to GCP or AWS (#2039)

Browse Source 
* Don't use parameters to pass secrets to GCP or AWS

Signed-off-by: Spike Curtis <spike@coder.com>

* Fix fmt

Signed-off-by: Spike Curtis <spike@coder.com>
This commit is contained in:
Spike Curtis
2022-06-03 14:29:22 -07:00
committed by GitHub
parent 43f622a52d
commit 847e2b18da
11 changed files with 180 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
examples/templates/gcp-linux/README.md
View File

@ -3,3 +3,22 @@ name: Develop in Linux on Google Cloud
description: Get started with Linux development on Google Cloud.
tags: [cloud, google]
---
# gcp-linux
## Getting started
Pick this template in `coder templates init` and follow instructions.
## Authentication
This template assumes that coderd is run in an environment that is authenticated
with Google Cloud. For example, run `gcloud auth application-default login` to import
credentials on the system and user running coderd. For other ways to authenticate
[consult the Terraform docs](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started#adding-credentials).
## Required permissions / policy
The user or service account used by the Terraform provisioner should have the following roles
- Compute Admin

21
examples/templates/gcp-linux/main.tf
View File

@ -11,20 +11,8 @@ terraform {
}
}
variable "service_account" {
description = <<EOF
Coder requires a Google Cloud Service Account to provision workspaces.
1. Create a service account:
https://console.cloud.google.com/projectselector/iam-admin/serviceaccounts/create
2. Add the roles:
- Compute Admin
- Service Account User
3. Click on the created key, and navigate to the "Keys" tab.
4. Click "Add key", then "Create new key".
5. Generate a JSON private key, and paste the contents below.
EOF
sensitive = true
variable "project_id" {
description = "Which Google Compute Project should your workspace live in?"
}
variable "zone" {
@ -37,9 +25,8 @@ variable "zone" {
}
provider "google" {
zone = var.zone
credentials = var.service_account
project = jsondecode(var.service_account).project_id
zone = var.zone
project = var.project_id
}
data "google_compute_default_service_account" "default" {