feat: Remove agent_script data source to simplify resources (#8)

This adds a new resource for associating instance IDs, which will only
need to be used in edge-cases. We'll auto-detect instance identifiers
for the most popular cases, and perform zero-trust authentication.

It seemed weird to separate the agent script and agent itself. This also
led to difficulties previewing the operating system prior to start.

Makefile

@@ -1,5 +1,12 @@
 default: testacc
 
+fmt:
+	terraform fmt -recursive
+
+gen:
+	# go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest
+	tfplugindocs
+
 # Run acceptance tests
 .PHONY: testacc
 testacc:

docs/data-sources/workspace.md

@@ -26,12 +26,13 @@ resource "kubernetes_pod" "dev" {
 
 ### Optional
 
-- **id** (String) The ID of this resource.
+- `id` (String) The ID of this resource.
 
 ### Read-Only
 
-- **name** (String) Name of the workspace.
-- **owner** (String) Username of the workspace owner.
-- **transition** (String) Either "start" or "stop". Use this to start/stop resources with "count".
+- `name` (String) Name of the workspace.
+- `owner` (String) Username of the workspace owner.
+- `start_count` (Number) A computed count based on "transition" state. If "start", count will equal 1.
+- `transition` (String) Either "start" or "stop". Use this to start/stop resources with "count".
 
 

docs/index.md

@@ -13,10 +13,6 @@ description: |-
 ## Example
 
 ```terraform
-variable "gcp_credentials" {
-  sensitive = true
-}
-
 terraform {
   required_providers {
     coder = {
@@ -26,26 +22,23 @@ terraform {
 }
 
 provider "google" {
-  region      = "us-central1"
-  credentials = var.gcp_credentials
+  region = "us-central1"
 }
 
 data "coder_workspace" "me" {}
-data "google_compute_default_service_account" "default" {}
-data "coder_agent_script" "dev" {
+
+resource "coder_agent" "dev" {
   arch = "amd64"
   os   = "linux"
-}
-resource "random_string" "random" {
-  count   = data.coder_workspace.me.transition == "start" ? 1 : 0
-  length  = 8
-  special = false
+  auth = "google-instance-identity"
 }
 
+data "google_compute_default_service_account" "default" {}
+
 resource "google_compute_instance" "dev" {
   zone         = "us-central1-a"
-  count        = data.coder_workspace.me.transition == "start" ? 1 : 0
-  name         = "coder-${lower(random_string.random[0].result)}"
+  count        = data.coder_workspace.me.start_count
+  name         = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
   machine_type = "e2-medium"
   network_interface {
     network = "default"
@@ -62,15 +55,7 @@ resource "google_compute_instance" "dev" {
     email  = data.google_compute_default_service_account.default.email
     scopes = ["cloud-platform"]
   }
-  metadata_startup_script = data.coder_agent_script.dev.value
-}
-
-resource "coder_agent" "dev" {
-  count = length(google_compute_instance.dev)
-  auth {
-    type        = "google-instance-identity"
-    instance_id = google_compute_instance.dev[0].instance_id
-  }
+  metadata_startup_script = coder_agent.dev.init_script
 }
 ```
 
@@ -79,4 +64,4 @@ resource "coder_agent" "dev" {
 
 ### Optional
 
-- **url** (String) The URL to access Coder.
+- `url` (String) The URL to access Coder.

docs/resources/agent.md

@@ -13,19 +13,19 @@ Use this resource to associate an agent.
 ## Example Usage
 
 ```terraform
-data "coder_agent_script" "dev" {
-  os   = "linux"
-  arch = "amd64"
+data "coder_workspace" "me" {
 }
 
 resource "coder_agent" "dev" {
-  startup_script = "code-server"
+  os   = "linux"
+  arch = "amd64"
 }
 
-resource "google_compute_instance" "dev" {
+resource "kubernetes_pod" "dev" {
+  count = data.coder_workspace.me.start_count
   spec {
     container {
-      command = ["sh", "-c", data.coder_agent_script.dev.value]
+      command = ["sh", "-c", coder_agent.dev.init_script]
       env {
         name  = "CODER_TOKEN"
         value = coder_agent.dev.token
@@ -38,15 +38,21 @@ resource "google_compute_instance" "dev" {
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Required
+
+- `arch` (String) The architecture the agent will run on. Must be one of: "amd64", "arm64".
+- `os` (String) The operating system the agent will run on. Must be one of: "linux", "darwin", or "windows".
+
 ### Optional
 
-- **env** (Map of String) A mapping of environment variables to set inside the workspace.
-- **id** (String) The ID of this resource.
-- **instance_id** (String) An instance ID from a provisioned instance to enable zero-trust agent authentication.
-- **startup_script** (String) A script to run after the agent starts.
+- `auth` (String) The authentication type the agent will use. Must be one of: "token", "google-instance-identity", "aws-instance-identity", "azure-instance-identity".
+- `env` (Map of String) A mapping of environment variables to set inside the workspace.
+- `id` (String) The ID of this resource.
+- `startup_script` (String) A script to run after the agent starts.
 
 ### Read-Only
 
-- **token** (String) Set the environment variable "CODER_TOKEN" with this token to authenticate an agent.
+- `init_script` (String) Run this script on startup of an instance to initialize the agent.
+- `token` (String) Set the environment variable "CODER_TOKEN" with this token to authenticate an agent.
 
 

docs/resources/agent_instance.md

@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "coder_agent_instance Resource - terraform-provider-coder"
+subcategory: ""
+description: |-
+  Use this resource to associate an instance ID with an agent for zero-trust authentication. This association is done automatically for "googlecomputeinstance", "awsinstance", "azurermlinuxvirtualmachine", and "azurermwindowsvirtual_machine" resources.
+---
+
+# coder_agent_instance (Resource)
+
+Use this resource to associate an instance ID with an agent for zero-trust authentication. This association is done automatically for "google_compute_instance", "aws_instance", "azurerm_linux_virtual_machine", and "azurerm_windows_virtual_machine" resources.
+
+## Example Usage
+
+```terraform
+resource "coder_agent" "dev" {
+  os   = "linux"
+  arch = "amd64"
+  auth = "google-instance-identity"
+}
+
+resource "google_compute_instance" "dev" {
+  zone = "us-central1-a"
+}
+
+resource "coder_agent_instance" "dev" {
+  agent_id    = coder_agent.dev.id
+  instance_id = google_compute_instance.dev.instance_id
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `agent_id` (String) The "id" property of a "coder_agent" resource to associate with.
+- `instance_id` (String) The instance identifier of a provisioned resource.
+
+### Optional
+
+- `id` (String) The ID of this resource.
+
+

examples/provider/provider.tf

@@ -1,7 +1,3 @@
-variable "gcp_credentials" {
-  sensitive = true
-}
-
 terraform {
   required_providers {
     coder = {
@@ -11,26 +7,23 @@ terraform {
 }
 
 provider "google" {
-  region      = "us-central1"
-  credentials = var.gcp_credentials
+  region = "us-central1"
 }
 
 data "coder_workspace" "me" {}
-data "google_compute_default_service_account" "default" {}
-data "coder_agent_script" "dev" {
+
+resource "coder_agent" "dev" {
   arch = "amd64"
   os   = "linux"
-}
-resource "random_string" "random" {
-  count   = data.coder_workspace.me.transition == "start" ? 1 : 0
-  length  = 8
-  special = false
+  auth = "google-instance-identity"
 }
 
+data "google_compute_default_service_account" "default" {}
+
 resource "google_compute_instance" "dev" {
   zone         = "us-central1-a"
-  count        = data.coder_workspace.me.transition == "start" ? 1 : 0
-  name         = "coder-${lower(random_string.random[0].result)}"
+  count        = data.coder_workspace.me.start_count
+  name         = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
   machine_type = "e2-medium"
   network_interface {
     network = "default"
@@ -47,13 +40,5 @@ resource "google_compute_instance" "dev" {
     email  = data.google_compute_default_service_account.default.email
     scopes = ["cloud-platform"]
   }
-  metadata_startup_script = data.coder_agent_script.dev.value
-}
-
-resource "coder_agent" "dev" {
-  count = length(google_compute_instance.dev)
-  auth {
-    type        = "google-instance-identity"
-    instance_id = google_compute_instance.dev[0].instance_id
-  }
+  metadata_startup_script = coder_agent.dev.init_script
 }

examples/resources/coder_agent/resource.tf

@@ -1,16 +1,16 @@
-data "coder_agent_script" "dev" {
-  os   = "linux"
-  arch = "amd64"
+data "coder_workspace" "me" {
 }
 
 resource "coder_agent" "dev" {
-  startup_script = "code-server"
+  os   = "linux"
+  arch = "amd64"
 }
 
-resource "google_compute_instance" "dev" {
+resource "kubernetes_pod" "dev" {
+  count = data.coder_workspace.me.start_count
   spec {
     container {
-      command = ["sh", "-c", data.coder_agent_script.dev.value]
+      command = ["sh", "-c", coder_agent.dev.init_script]
       env {
         name  = "CODER_TOKEN"
         value = coder_agent.dev.token

examples/resources/coder_agent_instance/resource.tf

@@ -0,0 +1,14 @@
+resource "coder_agent" "dev" {
+  os   = "linux"
+  arch = "amd64"
+  auth = "google-instance-identity"
+}
+
+resource "google_compute_instance" "dev" {
+  zone = "us-central1-a"
+}
+
+resource "coder_agent_instance" "dev" {
+  agent_id    = coder_agent.dev.id
+  instance_id = google_compute_instance.dev.instance_id
+}