flatten demo terraform

Emyrk · Emyrk · commit 13e5287ab5ef · 2025-03-14T08:57:53.000-05:00
diff --git a/testdata/demo_flat/README.md b/testdata/demo_flat/README.md
@@ -0,0 +1,37 @@
+# Demo Template
+
+3 security "zones" exist. Their role defines which are available
+- `high` - all roles
+- `medium` - developers + admins
+- `low` - admins only
+
+Regions exists. Users are defaulted to their region based on their groups.
+ - `us-pittsburgh`
+ - `eu-helsinki`
+ - `ap-sydney`
+ - `sa-saopaulo`
+ - `za-jnb`
+
+Select your IDE from jetbrains based on your team.
+- Frontend
+- Backend
+- Fullstack
+
+Select your CPUs
+- 1-8
+- On `high` security zones, only 1-4 are available.
+
+Select your image hash (only available to admins)
+
+## User Groups
+
+Group options:
+- Role
+ - `admin`
+ - `developer`
+- Region
+ - `us-pittsburgh`
+ - `eu-helsinki`
+ - `ap-sydney`
+ - `sa-saopaulo`
+ - `za-jnb`
diff --git a/testdata/demo_flat/base.tf b/testdata/demo_flat/base.tf
@@ -0,0 +1,30 @@
+locals {
+  // default to the only option if only 1 exists
+  choose_security = length(keys(local.allowed_security_levels)) > 1
+  secutity_level = local.choose_security ? data.coder_parameter.security_level[0].value : keys(module.deploys.security_levels)[0]
+}
+
+data "coder_parameter" "security_level" {
+  count        = local.choose_security ? 1 : 0
+  name         = "security_level"
+  display_name = "Security Level"
+  description  = "What security level do you need?"
+  type         = "string"
+  default      = "high"
+  order        = 50
+
+
+  dynamic "option" {
+    for_each = local.allowed_security_levels
+    content {
+      name  = option.value.display_name
+      value = option.key
+      description = option.value.description
+    }
+  }
+
+  # validation {
+  #   regex = "^high|medium|low$"
+  #   error = "You must select either high, medium, or low."
+  # }
+}
diff --git a/testdata/demo_flat/deploys.tf b/testdata/demo_flat/deploys.tf
@@ -0,0 +1,52 @@
+// Handles which cluster the workspace should be deployed to
+// using workspace tags.
+locals {
+  security_levels = {
+    "high"   = {
+      display_name = "High"
+      description  = "Most confidentiality, restricted access. Deployed into the confidential cluster."
+      tags         = {"cluster": "confidential"}
+    }
+    "medium" = {
+      display_name = "Medium"
+      description  = "A medium security level. Deployed into the standard production cluster."
+      tags         = {"cluster": "production"}
+    }
+    "low"    = {
+      display_name = "Low"
+      description  = "The lowest security level. Deployed into the public cluster."
+      tags         = {"cluster": "public"}
+    }
+  }
+
+  admin = local.security_levels
+  developer = {for k in ["high", "medium"] : k => local.security_levels[k]}
+  contractor = {for k in ["high"] : k => local.security_levels[k]}
+  isAdmin = contains(data.coder_workspace_owner.me.groups, "admin")
+  isDeveloper = contains(data.coder_workspace_owner.me.groups, "developer")
+
+  allowed_security_levels = (
+    local.isAdmin ? local.admin :
+      local.isDeveloper ? local.developer : local.contractor
+  )
+
+  direct_ssh_allowed = local.isAdmin && var.security == "low"
+}
+
+variable "security" {
+  type = string
+  default = "high"
+}
+
+data "coder_workspace_tags" "custom_workspace_tags" {
+  tags = local.security_levels[var.security].tags
+}
+
+
+data "coder_parameter" "direct_ssh" {
+  count       =  local.direct_ssh_allowed ? 1 : 0
+  name        = "Direct SSH to Pod"
+  description = "Should direct SSH access be enabled to the workspace pod? This should be set to false for production workspaces, and is a debugging tool."
+  type        = "bool"
+  default     = false
+}
diff --git a/testdata/demo_flat/locals.tf b/testdata/demo_flat/locals.tf
@@ -0,0 +1,60 @@
+locals {
+  fe_codes = ["PS", "WS"]
+  be_codes = ["CL", "GO", "IU", "PY"]
+  teams = {
+    "frontend" = {
+      "display_name" = "Frontend",
+      "codes" = local.fe_codes,
+      "description" = "The team that works on the frontend.",
+      "icon" = "/icon/desktop.svg"
+    },
+    "backend" = {
+      "display_name" = "Backend",
+      "codes" = local.be_codes,
+      "description" = "The team that works on the backend.",
+      "icon" = "/emojis/2699.png",
+    },
+    "fullstack" = {
+      "display_name" = "Fullstack",
+      "codes" = concat(local.be_codes, local.fe_codes),
+      "description" = "The team that works on both the frontend and backend.",
+      "icon" = "/emojis/1f916.png",
+    }
+  }
+
+  regions = [
+    {
+      icon  = "/emojis/1f1fa-1f1f8.png"
+      name  = "Pittsburgh"
+      value = "us-pittsburgh"
+    },
+    {
+      icon  = "/emojis/1f1eb-1f1ee.png"
+      name  = "Helsinki"
+      value = "eu-helsinki"
+    },
+    {
+      icon  = "/emojis/1f1e6-1f1fa.png"
+      name  = "Sydney"
+      value = "ap-sydney"
+    },
+    {
+      icon  = "/emojis/1f1e7-1f1f7.png"
+      name  = "São Paulo"
+      value = "sa-saopaulo"
+    },
+    {
+      icon  = "/emojis/1f1ff-1f1e6.png"
+      name  = "Johannesburg"
+      value = "za-jnb"
+    }
+  ]
+
+  region_values = [for region in local.regions : region.value]
+  default_regions = tolist(setintersection(data.coder_workspace_owner.me.groups, local.region_values))
+  default_region = length(local.default_regions) > 0 ? local.default_regions[0] : local.region_values[0]
+}
+
+output "test" {
+  value = local.default_region
+}
diff --git a/testdata/demo_flat/main.tf b/testdata/demo_flat/main.tf
@@ -0,0 +1,31 @@
+// Demo terraform has a complex configuration.
+// CODER_WORKSPACE_OWNER_GROUPS='["admin","developer"]' terraform apply
+//
+// Some run options
+// preview -v Team=backend -g admin
+// preview -v Team=backend -g admin -g sa-saopaulo
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.0.2"
+    }
+  }
+}
+
+
+data coder_workspace_owner "me" {}
+
+module "jetbrains_gateway" {
+  count          = 1
+  source         = "registry.coder.com/modules/jetbrains-gateway/coder"
+  version        = "1.0.28"
+  agent_id       = "random"
+  folder         = "/home/coder/example"
+  jetbrains_ides = local.teams[data.coder_parameter.team.value].codes
+  default        = local.teams[data.coder_parameter.team.value].codes[0]
+  coder_parameter_order = 11
+}
diff --git a/testdata/demo_flat/parameters.tf b/testdata/demo_flat/parameters.tf
@@ -0,0 +1,124 @@
+data "coder_parameter" "team" {
+  name        = "Team"
+  description = "Which team are you on?"
+  type        = "string"
+  default     = "fullstack"
+  order       = 10
+
+  dynamic "option" {
+    for_each = local.teams
+    content {
+      name  = option.value.display_name
+      value = option.key
+      description = option.value.description
+      icon = option.value.icon
+    }
+  }
+
+  validation {
+    regex = "^frontend|backend|fullstack$"
+    error = "You must select either frontend, backend, or fullstack."
+  }
+}
+
+data "coder_parameter" "browser" {
+  name        = "browser"
+  description = "Which browser do you prefer?"
+  type        = "string"
+  default     = "chromium"
+  order       = 12
+  count       = (
+    data.coder_parameter.team.value == "frontend" ||
+    data.coder_parameter.team.value == "fullstack"? 1 : 0
+  )
+
+  option {
+    name  = "Chrome"
+    value = "chrome"
+  }
+
+  option {
+    name  = "Firefox"
+    value = "firefox"
+  }
+
+  option {
+    name  = "Safari"
+    value = "safari"
+  }
+
+  option {
+    name  = "Edge"
+    value = "edge"
+  }
+
+  option {
+    name  = "Chromium"
+    value = "chromium"
+  }
+}
+
+
+data "coder_parameter" "cpu" {
+  name         = "cpu"
+  display_name = "CPU"
+  description  = "The number of CPU cores"
+  type         = "number"
+  default      = "2"
+  icon         = "/icon/memory.svg"
+  mutable      = true
+  order        = 20
+
+  validation {
+    min = 1
+    // Confidential instances are more expensive, or some justification like
+    // that
+    // TODO: This breaks when the user is an admin
+    max = local.secutity_level == "high" ? 4 : 8
+    error = "CPU range must be between {min} and {max}."
+  }
+}
+
+data "coder_workspace_tags" "test" {
+    tags = {
+      "hash": trimprefix(data.docker_registry_image.coder.sha256_digest, "sha256:")
+    }
+}
+
+// Advanced admin parameter
+data "coder_parameter" "image_hash" {
+  count       = local.isAdmin ? 1 : 0
+  name        = "Image Hash"
+  description = "Override the hash of the image to use. Only available to admins."
+  // Value can get stale
+  default     = trimprefix(data.docker_registry_image.coder.sha256_digest, "sha256:")
+  order       = 100
+
+  validation {
+    regex = "^[a-f0-9A-F]{64}$"
+    error = "The image hash must be a 64-character hexadecimal string."
+  }
+}
+
+data "docker_registry_image" "coder" {
+  name = "ghcr.io/coder/coder:latest"
+}
+
+data "coder_parameter" "region" {
+  name         = "Region"
+  display_name = "Region"
+  description  = "What region are you in?"
+  default      = local.default_region
+  icon         = "/icon/memory.svg"
+  mutable      = false
+  order        = 1
+
+  dynamic "option" {
+    for_each = local.regions
+    content {
+      name  = option.value.name
+      value = option.value.value
+      icon  = option.value.icon
+    }
+  }
+}
diff --git a/testdata/demo_flat/plan.json b/testdata/demo_flat/plan.json
diff --git a/testdata/demo_flat/skipe2e b/testdata/demo_flat/skipe2e
diff --git a/testdata/demo_flat/users.json b/testdata/demo_flat/users.json
