From f07ae732214cd087067b3c3e7cd17ee6781a9236 Mon Sep 17 00:00:00 2001
From: Hector Rivas Gandara
Date: Tue, 22 Mar 2016 17:10:53 +0000
Subject: [PATCH] Upload public SSH key for git user

In order to access the codecommit repository via SSH, we must upload a SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. We use the resource `aws_iam_user_ssh_key` which has been added in this issue and PR: https://github.com/hashicorp/terraform/issues/5744 https://github.com/hashicorp/terraform/pull/5774
---
 terraform/concourse/codecommit.tf | 6 ++++++
 terraform/concourse/git_ssh_key_id | 1 +
 terraform/concourse/outputs.tf | 4 ++++
 terraform/concourse/variables.tf | 4 ++++
 4 files changed, 15 insertions(+)
 create mode 100644 terraform/concourse/git_ssh_key_id
diff --git a/terraform/concourse/codecommit.tf b/terraform/concourse/codecommit.tf
index 35308f0900..bc1c738028 100644
--- a/terraform/concourse/codecommit.tf
+++ b/terraform/concourse/codecommit.tf
@@ -30,3 +30,9 @@ resource "aws_iam_user" "git" {
 # ]
 # append = true
 #}
+
+resource "aws_iam_user_ssh_key" "git" {
+ username = "${aws_iam_user.git.name}"
+ encoding = "PEM"
+ public_key = "${var.git_rsa_id_pub}"
+}
diff --git a/terraform/concourse/git_ssh_key_id b/terraform/concourse/git_ssh_key_id
new file mode 100644
index 0000000000..d2807ae17f
--- /dev/null
+++ b/terraform/concourse/git_ssh_key_id
@@ -0,0 +1 @@
+Empty file git_ssh_key_id to avoid terraform fail during the first run.
diff --git a/terraform/concourse/outputs.tf b/terraform/concourse/outputs.tf
index 5b804c3c39..8b6e9a6156 100644
--- a/terraform/concourse/outputs.tf
+++ b/terraform/concourse/outputs.tf
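Review bot: The new `aws_iam_user_ssh_key` resource declares `encoding = "PEM"`, while the variable name `git_rsa_id_pub` suggests the contents of an `id_rsa.pub` file, which is in OpenSSH `ssh-rsa ...` format rather than PEM. If the OpenSSH form is what operators will pass, `encoding = "SSH"` would describe it; if PEM is intended, the description in the `variables.tf` hunk should say so, for example `description = "Public SSH key for the git user, PEM-encoded"`. How the provider behaves when the two disagree is not visible from this patch, so it is worth confirming that a second plan after the first apply shows no change to this resource. A comment above the resource such as `# Public half only; the private key stays with the CodeCommit client and is never passed to terraform` would also make the boundary explicit.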
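Review bot: The placeholder `git_ssh_key_id` is described as an empty file but it contains that sentence, so anything that reads the file before the first apply receives the sentence rather than an empty value or a key ID. No hunk in this patch references the file, so where it is consumed cannot be checked here. Because the commit message says the key ID is also the user name for the CodeCommit SSH connection, the consumer should presumably reject a value that does not look like a key ID instead of attempting a connection with it; a truly empty file would make that check simpler.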
@@ -29,3 +29,7 @@ output "git_concourse_pool_clone_url_http" {
 output "git_user_name" {
 value = "${aws_iam_user.git.name}"
 }
+
+output "git_user_ssh_public_key_id" {
+ value = "${aws_iam_user_ssh_key.git.ssh_public_key_id}"
+}
diff --git a/terraform/concourse/variables.tf b/terraform/concourse/variables.tf
index 16e6012489..123ef3089b 100644
--- a/terraform/concourse/variables.tf
+++ b/terraform/concourse/variables.tf
@@ -10,3 +10,7 @@ variable "concourse_pool_git_rw_groupname" {
 description = "Group with permissions to write in concourse pool git repositories"
 default = "concourse-pool-git-rw"
 }
+
+variable "git_rsa_id_pub" {
+ description = "Public SSH key for the git user"
+}
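Review bot: The output added in the `outputs.tf` hunk is named `git_user_ssh_public_key_id`, but the commit message and the placeholder file both call it `git_ssh_key_id`, so a consumer following the message would look up an output that, unless it is defined outside this hunk, does not exist. One name should be used throughout. Because the commit message says this value is also the user for the CodeCommit SSH connection, and `git_user_name` sits directly above it, a comment such as `# SSH login user for CodeCommit: the IAM SSH public key ID, not the IAM user name` above the output would keep the two from being confused.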