Update coder-login module to use coder_env resources (#389)

blink-so[bot] · matifali · johnstcn · web-flow · commit a9b015044f7e · 2025-08-26T21:33:00.000-05:00
This PR updates the `coder-login` module to use `coder_env` resources
instead of shell scripts for better security, maintainability, and
native Terraform integration.

## Changes
- **Replaced `coder_script` with `coder_env` resources**: Uses native
Terraform provider resources instead of shell scripts
- **Removed `run.sh` script**: Eliminated the need for external shell
scripts
- **Environment variables**: Sets `CODER_SESSION_TOKEN` and `CODER_URL`
using `coder_env` resources
- **Added comprehensive tests**: Includes Terraform tests with mocked
data validation
- **Version bump**: Updated module version from `v1.0.31` to `v1.1.0`
(minor bump)

## Benefits
- **Native Terraform approach**: Uses the provider's built-in resources
instead of external scripts
- **Better security**: Environment variables are set directly by
Terraform without shell script interpolation
- **Improved maintainability**: Cleaner, more declarative configuration
- **Proper testing**: Comprehensive test coverage with mocked data
sources
- **Correct environment variables**: Uses `CODER_SESSION_TOKEN` and
`CODER_URL` as per coder CLI documentation

## Testing
- All Terraform tests pass successfully
- Module validates correctly with `terraform validate`
- Proper formatting verified with `terraform fmt`

Co-authored-by: blink-so[bot] &lt;211532188+blink-so[bot]@users.noreply.github.com&gt;
Co-authored-by: Atif Ali &lt;atif@coder.com&gt;
Co-authored-by: Cian Johnston &lt;public@cianjohnston.ie&gt;
diff --git a/registry/coder/modules/coder-login/README.md b/registry/coder/modules/coder-login/README.md
@@ -14,7 +14,7 @@ Automatically logs the user into Coder when creating their workspace.
 module "coder-login" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/coder-login/coder"
-  version  = "1.0.31"
+  version  = "1.1.0"
   agent_id = coder_agent.example.id
 }
 ```
diff --git a/registry/coder/modules/coder-login/main.tf b/registry/coder/modules/coder-login/main.tf
@@ -17,15 +17,14 @@ variable "agent_id" {
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}
 
-resource "coder_script" "coder-login" {
+resource "coder_env" "coder_session_token" {
   agent_id = var.agent_id
-  script = templatefile("${path.module}/run.sh", {
-    CODER_USER_TOKEN : data.coder_workspace_owner.me.session_token,
-    CODER_DEPLOYMENT_URL : data.coder_workspace.me.access_url
-  })
-  display_name       = "Coder Login"
-  icon               = "/icon/coder.svg"
-  run_on_start       = true
-  start_blocks_login = true
+  name     = "CODER_SESSION_TOKEN"
+  value    = data.coder_workspace_owner.me.session_token
 }
 
+resource "coder_env" "coder_url" {
+  agent_id = var.agent_id
+  name     = "CODER_URL"
+  value    = data.coder_workspace.me.access_url
+}
diff --git a/registry/coder/modules/coder-login/main.tftest.hcl b/registry/coder/modules/coder-login/main.tftest.hcl
@@ -0,0 +1,65 @@
+# Test for coder-login module
+
+run "test_coder_login_module" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-id"
+  }
+
+  # Test that the coder_env resources are created with correct configuration
+  assert {
+    condition     = coder_env.coder_session_token.agent_id == "test-agent-id"
+    error_message = "CODER_SESSION_TOKEN agent ID should match the input variable"
+  }
+
+  assert {
+    condition     = coder_env.coder_session_token.name == "CODER_SESSION_TOKEN"
+    error_message = "Environment variable name should be 'CODER_SESSION_TOKEN'"
+  }
+
+  assert {
+    condition     = coder_env.coder_url.agent_id == "test-agent-id"
+    error_message = "CODER_URL agent ID should match the input variable"
+  }
+
+  assert {
+    condition     = coder_env.coder_url.name == "CODER_URL"
+    error_message = "Environment variable name should be 'CODER_URL'"
+  }
+}
+
+# Test with mock data sources
+run "test_with_mock_data" {
+  command = plan
+
+  variables {
+    agent_id = "mock-agent"
+  }
+
+  # Mock the data sources for testing
+  override_data {
+    target = data.coder_workspace.me
+    values = {
+      access_url = "https://coder.example.com"
+    }
+  }
+
+  override_data {
+    target = data.coder_workspace_owner.me
+    values = {
+      session_token = "mock-session-token"
+    }
+  }
+
+  # Verify environment variables get the mocked values
+  assert {
+    condition     = coder_env.coder_url.value == "https://coder.example.com"
+    error_message = "CODER_URL should match workspace access_url"
+  }
+
+  assert {
+    condition     = coder_env.coder_session_token.value == "mock-session-token"
+    error_message = "CODER_SESSION_TOKEN should match workspace owner session_token"
+  }
+}
diff --git a/registry/coder/modules/coder-login/run.sh b/registry/coder/modules/coder-login/run.sh

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ Automatically logs the user into Coder when creating their workspace.`
`14`	`14`	`module "coder-login" {`
`15`	`15`	`count = data.coder_workspace.me.start_count`
`16`	`16`	`source = "registry.coder.com/coder/coder-login/coder"`
`17`		`- version = "1.0.31"`
	`17`	`+ version = "1.1.0"`
`18`	`18`	`agent_id = coder_agent.example.id`
`19`	`19`	`}`
`20`	`20`	```