-
Notifications
You must be signed in to change notification settings - Fork 10
feat: add experimental coderd_ai_provider resource #368
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
ethanndickson
wants to merge
6
commits into
main
Choose a base branch
from
ethan/ai-provider-resource
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1,640
−1
Open
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
0c22e42
Add coderd_experimental_ai_provider resource
ethanndickson 41824ff
review
ethanndickson ee4f14c
review
ethanndickson 0ed85d3
review
ethanndickson 18615e5
rename
ethanndickson e201a8b
helper func & comment
ethanndickson File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "coderd_ai_provider Resource - terraform-provider-coderd" | ||
| subcategory: "" | ||
| description: |- | ||
| ~> This resource is experimental. Changes are expected, and it is not recommended for production use. | ||
| -> _wo attributes are write-only https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments: their values are sent to Coder but never stored in Terraform state. This resource therefore requires Terraform 1.11 or later. | ||
| Configures an AI Provider for use with Coder's AI Gateway & Coder Agents. | ||
| For type = "bedrock", omit settings.bedrock.access_key_wo and settings.bedrock.access_key_secret_wo to use the AWS SDK default credential chain as resolved by the Coder server process (IAM role, IRSA, environment variables, shared config, SSO, IMDS, and more). Set both together to use static IAM-user credentials. | ||
| --- | ||
|
|
||
| # coderd_ai_provider (Resource) | ||
|
|
||
| ~> This resource is experimental. Changes are expected, and it is not recommended for production use. | ||
|
|
||
| -> `_wo` attributes are [write-only](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments): their values are sent to Coder but never stored in Terraform state. This resource therefore requires Terraform 1.11 or later. | ||
|
|
||
| Configures an AI Provider for use with Coder's AI Gateway & Coder Agents. | ||
|
|
||
| For `type = "bedrock"`, omit `settings.bedrock.access_key_wo` and `settings.bedrock.access_key_secret_wo` to use the AWS SDK default credential chain as resolved by the Coder server process (IAM role, IRSA, environment variables, shared config, SSO, IMDS, and more). Set both together to use static IAM-user credentials. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "coderd_ai_provider" "bedrock" { | ||
| type = "bedrock" | ||
| name = "aws-bedrock" | ||
| display_name = "AWS Bedrock" | ||
| enabled = true | ||
| base_url = "https://bedrock-runtime.us-east-1.amazonaws.com" | ||
|
|
||
| settings = { | ||
| bedrock = { | ||
| model = "anthropic.claude-3-5-sonnet-20241022-v2:0" | ||
| small_fast_model = "anthropic.claude-3-5-haiku-20241022-v1:0" | ||
|
|
||
| // Omit these to use the AWS SDK default credential chain from the Coder server | ||
| // process (for example IAM role / IRSA). Set both to use static credentials. | ||
| // access_key_wo = var.bedrock_access_key | ||
| // access_key_secret_wo = var.bedrock_access_key_secret | ||
| // credentials_wo_version = 1 | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "coderd_ai_provider" "openai" { | ||
| type = "openai" | ||
| name = "openai" | ||
| display_name = "OpenAI" | ||
| enabled = true | ||
| base_url = "https://api.openai.com/v1" | ||
|
|
||
| api_key_wo = var.openai_api_key | ||
| api_key_wo_version = 1 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `base_url` (String) Absolute HTTP(S) base URL for the upstream provider endpoint. | ||
| - `name` (String) Unique provider name. Must be lowercase alphanumeric words separated by hyphens. | ||
| - `type` (String) AI provider type. Valid values are `openai`, `anthropic`, `azure`, `bedrock`, `google`, `openai-compat`, `openrouter`, `vercel`, and `copilot`. | ||
|
|
||
| ### Optional | ||
|
|
||
| > **NOTE**: [Write-only arguments](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments) are supported in Terraform 1.11 and later. | ||
|
|
||
| - `api_key_wo` (String, Sensitive, [Write-only](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments)) Plaintext API key for the provider. Not valid for `bedrock` or `copilot`, or when `settings.bedrock` is set. Bump `api_key_wo_version` to rotate it. | ||
| - `api_key_wo_version` (Number) Version for the write-only API key. Required when `api_key_wo` is set; bump it whenever `api_key_wo` changes to rotate the stored key. | ||
|
ethanndickson marked this conversation as resolved.
|
||
| - `display_name` (String) Display name shown in Coder. If omitted, defaults to the provider name. | ||
| - `enabled` (Boolean) Whether this AI provider is enabled. Defaults to true. | ||
| - `settings` (Attributes) Type-specific provider settings. (see [below for nested schema](#nestedatt--settings)) | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `api_key_masked` (String) Masked API key value returned by Coder for display only. | ||
| - `created_at` (Number) Creation timestamp as Unix seconds. | ||
| - `id` (String) AI provider ID. | ||
| - `updated_at` (Number) Last update timestamp as Unix seconds. | ||
|
|
||
| <a id="nestedatt--settings"></a> | ||
| ### Nested Schema for `settings` | ||
|
|
||
| Optional: | ||
|
|
||
| - `bedrock` (Attributes) AWS Bedrock settings. Valid only for `type = "bedrock"` or `type = "anthropic"`. (see [below for nested schema](#nestedatt--settings--bedrock)) | ||
|
|
||
| <a id="nestedatt--settings--bedrock"></a> | ||
| ### Nested Schema for `settings.bedrock` | ||
|
|
||
| Optional: | ||
|
|
||
| - `access_key_secret_wo` (String, Sensitive, [Write-only](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments)) AWS secret access key for Bedrock. | ||
| - `access_key_wo` (String, Sensitive, [Write-only](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments)) AWS access key ID for Bedrock. See [Coder's Amazon Bedrock provider docs](https://coder.com/docs/ai-coder/ai-gateway/providers#amazon-bedrock). | ||
| - `credentials_wo_version` (Number) Version for Bedrock write-only credentials. Bump this value to send, rotate, or clear credentials. | ||
| - `model` (String) Primary Bedrock model identifier. | ||
| - `region` (String) AWS region for Bedrock. If omitted, derived from the canonical Bedrock `base_url` attribute. | ||
| - `small_fast_model` (String) Small/fast Bedrock model identifier used for background tasks. | ||
|
|
||
| ## Import | ||
|
|
||
| Import is supported using the following syntax: | ||
|
|
||
| The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: | ||
|
|
||
| ```shell | ||
| # The ID supplied can be either an AI provider UUID or name. | ||
| # Existing remote API keys are preserved. Omit api_key_wo and api_key_wo_version | ||
| # to leave them unmanaged, or configure both to replace them on a later apply. | ||
| $ terraform import coderd_ai_provider.example openai | ||
| ``` | ||
| Alternatively, in Terraform v1.5.0 and later, an [`import` block](https://developer.hashicorp.com/terraform/language/import) can be used: | ||
|
|
||
| ```terraform | ||
| import { | ||
| to = coderd_ai_provider.example | ||
| id = "openai" | ||
| } | ||
| ``` | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| # The ID supplied can be either an AI provider UUID or name. | ||
| # Existing remote API keys are preserved. Omit api_key_wo and api_key_wo_version | ||
| # to leave them unmanaged, or configure both to replace them on a later apply. | ||
| $ terraform import coderd_ai_provider.example openai | ||
| ``` | ||
| Alternatively, in Terraform v1.5.0 and later, an [`import` block](https://developer.hashicorp.com/terraform/language/import) can be used: | ||
|
|
||
| ```terraform | ||
| import { | ||
| to = coderd_ai_provider.example | ||
| id = "openai" | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| resource "coderd_ai_provider" "bedrock" { | ||
| type = "bedrock" | ||
| name = "aws-bedrock" | ||
| display_name = "AWS Bedrock" | ||
| enabled = true | ||
| base_url = "https://bedrock-runtime.us-east-1.amazonaws.com" | ||
|
|
||
| settings = { | ||
| bedrock = { | ||
| model = "anthropic.claude-3-5-sonnet-20241022-v2:0" | ||
| small_fast_model = "anthropic.claude-3-5-haiku-20241022-v1:0" | ||
|
|
||
| // Omit these to use the AWS SDK default credential chain from the Coder server | ||
| // process (for example IAM role / IRSA). Set both to use static credentials. | ||
| // access_key_wo = var.bedrock_access_key | ||
| // access_key_secret_wo = var.bedrock_access_key_secret | ||
| // credentials_wo_version = 1 | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "coderd_ai_provider" "openai" { | ||
| type = "openai" | ||
| name = "openai" | ||
| display_name = "OpenAI" | ||
| enabled = true | ||
| base_url = "https://api.openai.com/v1" | ||
|
|
||
| api_key_wo = var.openai_api_key | ||
| api_key_wo_version = 1 | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.