From 1c6986bf14e87a9a1e1323f42ae43efffe6de395 Mon Sep 17 00:00:00 2001 From: Ali Allomani <17993914+AliAllomani@users.noreply.github.com> Date: Tue, 15 Dec 2020 06:17:02 +0100 Subject: [PATCH] support raw value for ssh keys in addition to paths (#159) * support raw value for ssh keys in addion to paths * support raw value for ssh keys in addion to paths * moved ssh key type check to linux vm resource * moving ssh value to a new variable * tf fmt * Update README.md change name to `ssh_key_values` * Update main.tf * Update main.tf * Update variables.tf * Update README.md format Co-authored-by: Yuping Wei <56525716+yupwei68@users.noreply.github.com> --- README.md | 4 +++- main.tf | 9 +++++++++ test/fixture/main.tf | 14 ++++++++++++++ variables.tf | 5 +++++ 4 files changed, 31 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d25e0f..5f6af6b 100644 --- a/README.md +++ b/README.md @@ -148,7 +148,8 @@ More specifically this provisions: When ssh keys are enabled you can either - use the default "~/.ssh/id_rsa.pub" - set one key by setting a path in ssh_key variable. e.g "joey_id_rsa.pub" - - set shh_key and add zero or more files paths in extra_ssh_keys variable e.g. ["ross_id_rsa.pub", "rachel_id_rsa.pub"] (since v3.8.0) + - set ssh_key and add zero or more files paths in extra_ssh_keys variable e.g. ["ross_id_rsa.pub", "rachel_id_rsa.pub"] (since v3.8.0) + - set ssh_key_values as a list of raw public ssh keys values or refer it to a data source with the public key value, e.g. `["ssh-rsa AAAAB3NzaC1yc..."]` 4 - You can install custom certificates / secrets on the virtual machine from Key Vault by using the variable `os_profile_secrets`. @@ -197,6 +198,7 @@ module "linuxservers" { data_disk_size_gb = 64 data_sa_type = "Premium_LRS" enable_ssh_key = true + ssh_key_values = ["ssh-rsa AAAAB3NzaC1yc2EAAAAD..."] vm_size = "Standard_D4s_v3" tags = { diff --git a/main.tf b/main.tf index 4dfec7b..b15988d 100644 --- a/main.tf +++ b/main.tf 
@@ -108,6 +108,15 @@ resource "azurerm_virtual_machine" "vm-linux" { key_data = file(ssh_keys.value) } } + + dynamic ssh_keys { + for_each = var.enable_ssh_key ? var.ssh_key_values : [] + content { + path = "/home/${var.admin_username}/.ssh/authorized_keys" + key_data = ssh_keys.value + } + } + } dynamic "os_profile_secrets" { diff --git a/test/fixture/main.tf b/test/fixture/main.tf index f534a58..822f010 100644 --- a/test/fixture/main.tf +++ b/test/fixture/main.tf @@ -100,6 +100,20 @@ module "debianservers" { depends_on = [azurerm_resource_group.test] } +module "debianservers2" { + source = "../../" + vm_hostname = "${random_id.ip_dns.hex}-d2" + resource_group_name = azurerm_resource_group.test.name + location = var.location_alt + admin_username = var.admin_username + vm_os_simple = var.vm_os_simple_2 + vnet_subnet_id = azurerm_subnet.subnet2.id + enable_ssh_key = true + ssh_key_values = ["ssh-rsa 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"] + + depends_on = [azurerm_resource_group.test] +} + module "windowsservers" { source = "../../" vm_hostname = "${random_id.ip_dns.hex}-w" // line can be removed if only one VM module per resource group diff --git a/variables.tf b/variables.tf index f58752e..99c9972 100644 --- a/variables.tf +++ b/variables.tf @@ -38,6 +38,11 @@ variable "ssh_key" { default = "~/.ssh/id_rsa.pub" } +variable "ssh_key_values" { + description = "List of Public SSH Keys values to be used for ssh access to the VMs." + type = list(string) + default = [] +} variable "remote_port" { description = "Remote tcp port to be used for access to the vms created via the nsg applied to the nics." type = string
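Review bot: The raw keys in the new `dynamic ssh_keys` block are added on top of the file-based keys, not instead of them: the earlier block (only its tail, `key_data = file(ssh_keys.value)`, is visible here) stays in place, and `ssh_key` defaults to `~/.ssh/id_rsa.pub` in variables.tf. If that earlier block iterates over `ssh_key` plus `extra_ssh_keys`, as the README wording suggests, a caller who sets only `ssh_key_values` either fails on a missing local file or also authorizes whatever key sits on the machine running Terraform, which is easy to miss when auditing who can log in. I would state this above the block, e.g. `# Appended to the keys read from ssh_key / extra_ssh_keys; does not replace them.`, or skip the file-based key when `ssh_key_values` is non-empty. As a style point, the label is unquoted here while the neighbouring `dynamic "os_profile_secrets"` is quoted. The enclosing resource starts and ends outside the hunk.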
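Review bot: The `debianservers2` fixture authorizes a fixed public key committed to the repository, so every VM created from this fixture trusts whoever holds the matching private key for as long as the VM exists. Generating a throwaway key inside the fixture, for example with a `tls_private_key` resource and `ssh_key_values = [tls_private_key.<name>.public_key_openssh]`, would avoid a long-lived shared credential and would also exercise the computed-value case the README describes. If the key is intentionally disposable, a comment saying so next to the value would help.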
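Review bot: `ssh_key_values` accepts any string, so an empty entry, a multi-line paste or private-key material passed by mistake reaches `key_data` unchecked; by then a private key would also be recorded in plan output and state. The description should say that each entry is a single-line OpenSSH public key and that the entries are added to the keys from `ssh_key`, not substituted for them. If the module's minimum Terraform version supports variable validation, a `validation` block as below would reject bad entries at plan time. The pattern is deliberately loose and should be tightened to the key types the target API accepts.

```hcl
variable "ssh_key_values" {
  # … unchanged: description, type, default …

  validation {
    condition = length([
      for k in var.ssh_key_values : k
      if !can(regex("^[a-z0-9@.-]+ [A-Za-z0-9+/]+=*( .*)?$", k))
    ]) == 0
    error_message = "Each ssh_key_values entry must be a single-line OpenSSH public key."
  }
}
```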