feat: extract coder_secret requirements into Output #198
Open
dylanhuff-at-coder wants to merge 1 commit into main from
Emyrk
reviewed
Apr 20, 2026
| // SecretFromBlock decodes a `data "coder_secret" {}` Terraform block into a | ||
| // SecretRequirement. Exactly one of `env` or `file` must be set, and | ||
| // `help_message` is required. Returns (nil, diags) on validation failure. | ||
| func SecretFromBlock(block *terraform.Block) (*types.SecretRequirement, hcl.Diagnostics) { |
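Review bot: the doc comment on SecretFromBlock covers the failure return, (nil, diags), but not the success side. State whether diags is always empty when a non-nil *types.SecretRequirement comes back, and what a nil block yields, since callers have to branch on both return values.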
Member
Recommend doing a panic recover guard:
https://github.com/coder/preview/blob/main/extract/preset.go#L13-L30
Things can panic in the type system pretty easily if misused.
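The recover guard recommended above, sketched as an added Go example (not code from coder/preview or the linked preset.go); it keeps one malformed block from taking down the process that runs the extraction. Stand-in types replace hcl.Diagnostics and types.SecretRequirement, and the hypothetical decodeSecret panics on a mistyped attribute in place of a type-system panic.

```go
package main

import "fmt"

// Stand-in types for this example; the code under review uses
// hcl.Diagnostics and types.SecretRequirement instead.
type Diagnostic struct{ Summary, Detail string }

type SecretRequirement struct{ Env, File, HelpMessage string }

// decodeSecret is a hypothetical decoder. Its unchecked type assertions panic
// when an attribute holds an unexpected type, standing in for a type-system panic.
func decodeSecret(attrs map[string]any) (*SecretRequirement, []Diagnostic) {
	req := &SecretRequirement{}
	if v, ok := attrs["env"]; ok {
		req.Env = v.(string)
	}
	if v, ok := attrs["file"]; ok {
		req.File = v.(string)
	}
	if v, ok := attrs["help_message"]; ok {
		req.HelpMessage = v.(string)
	}
	if (req.Env == "") == (req.File == "") {
		return nil, []Diagnostic{{"Invalid coder_secret", "exactly one of env or file must be set"}}
	}
	if req.HelpMessage == "" {
		return nil, []Diagnostic{{"Invalid coder_secret", "help_message is required"}}
	}
	return req, nil
}

// SafeSecret wraps decodeSecret with a recover guard. Named results are what
// let the deferred function replace the return values after a panic.
func SafeSecret(attrs map[string]any) (req *SecretRequirement, diags []Diagnostic) {
	defer func() {
		if r := recover(); r != nil {
			req = nil
			diags = append(diags, Diagnostic{"Panic while decoding coder_secret", fmt.Sprint(r)})
		}
	}()
	return decodeSecret(attrs)
}

func main() {
	// Constructed inputs: one valid block, one with a mistyped attribute.
	fmt.Println(SafeSecret(map[string]any{"env": "API_TOKEN", "help_message": "Set your API token"}))
	fmt.Println(SafeSecret(map[string]any{"env": 42, "help_message": "Set your API token"}))
}
```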
Adds a new SecretRequirements slice on preview.Output, populated by parsing data "coder_secret" "..." { ... } blocks in a template. Part of the User Secrets feature (PLAT-100); consumed by a companion PR in coder/coder that renders "missing required secret" diagnostics on the create-workspace page.

Notes

coder_secret doesn't currently exist as a Terraform data source yet. This PR still works because preview uses trivy's HCL parser for static analysis — it never runs terraform init on the template, so unknown data source types don't break extraction. The only test that does run terraform init is Test_VerifyE2E, and the two new testdata fixtures carry the repo's existing skipe2e sentinel file to opt them out of that test. The extraction tests (Test_Extract, Test_SecretRequirementErrors) all run normally and verify the behavior this PR adds.

A follow-up PR will need to remove the skipe2e sentinels once terraform-provider-coder ships the coder_secret data source, so E2E also covers these fixtures.

Also of note, this is the first of two PRs for PLAT-100. The second will be done in coder/coder and requires this one to be merged first, which is why I'd like to merge this even without the coder_secret data source existing.